Re: ISMS working group and charter problems
Margaret Wasserman <margaret@thingmagic.com> Wed, 07 September 2005 13:42 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ED0CH-0003J2-Ry; Wed, 07 Sep 2005 09:42:41 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ED0CE-0003Iu-U4 for ietf@megatron.ietf.org; Wed, 07 Sep 2005 09:42:39 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA19924 for <ietf@ietf.org>; Wed, 7 Sep 2005 09:42:37 -0400 (EDT)
Received: from [204.9.221.21] (helo=thingmagic.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ED0FQ-0005zo-Ge for ietf@ietf.org; Wed, 07 Sep 2005 09:45:56 -0400
Received: from [66.30.121.250] (account margaret HELO [192.168.2.7]) by thingmagic.com (CommuniGate Pro SMTP 4.1.8) with ESMTP-TLS id 512039; Wed, 07 Sep 2005 09:44:33 -0400
Mime-Version: 1.0
Message-Id: <p0620073cbf449a21c847@[192.168.2.7]>
In-Reply-To: <261A1E9D259E6FA3B9203B61@B50854F0A9192E8EC6CDA126>
References: <431DD3BD.9090108@cisco.com> <431DD94C.8070907@dcrocker.net> <261A1E9D259E6FA3B9203B61@B50854F0A9192E8EC6CDA126>
Date: Wed, 07 Sep 2005 09:42:33 -0400
To: Harald Tveit Alvestrand <harald@alvestrand.no>, dcrocker@bbiw.net, Eliot Lear <lear@cisco.com>
From: Margaret Wasserman <margaret@thingmagic.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.1 (/)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336
Cc: IETF Discussion <ietf@ietf.org>
Subject: Re: ISMS working group and charter problems
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
At 12:26 AM +0200 9/7/05, Harald Tveit Alvestrand wrote: >I believe that the ISMS WG's proposal is about ADDING the >possibility of SNMP over TCP, not about CHANGING SNMP to use TCP. >UDP will still work. That is correct. UDP and the current SNMPv3 USM security mechanisms will still work. They will also remain mandatory parts of SNMPv3. >And I believe Eliot's concern is about letting the TCP session that >carries the SNMP PDUs be opened from the agent to the manager, >rather than from the manager to the agent (yes I know - this is >SNMPv1 terminology, but I've forgotten the SNMPv3 terminology); that >is another feature that comes in addition to what the group is >apparently currently working on. >And just BTW: I find "call home" reasonable to specify too, once >you've done TCP. It's obvious enough that I think it will be added >to implementations whether or not we specify it, so we should have >very strong reasons not to do so. >I don't even believe you need to "turn" the session, since SNMPv3 >doesn't recognize the concept of a "direction" for a session.... >just let the PDUs flow.... Unless I am seriously misunderstanding something, this is a bit more complicated than you and Eliot seem to think that it is... The command responder (agent) is a stateless piece of software that simply responds to queries as they are received. It has no way to anticipate when queries will be received, and no concept of what other systems it would like to receive queries from. So, where would it get the information necessary to open a connection to the manager? How would it know what to do if the manager could not be reached? How would it know when he connection should be taken down? Now, I am not saying that I couldn't come up with an answer to these questions -- it seems likely that we'd have to grow another SNMP MIB that would control how/when/if the command responder would attempt to establish a communication connection with the command generator, etc. I agree that SNMP over TCP might be an important element of this solution, but it is already defined in RFC 3430. So, if there really is sufficient interest in adding call home capability to SNMP, I don't see why the IETF couldn't do this work. But, why does anyone think that we should do this work in the Security area in a WG that is tasked with integrating the SNMP security model with SSH and RADIUS? Margaret _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Daniel Senie
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Pekka Savola
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- RE: ISMS working group and charter problems Thomas Gal
- RE: ISMS working group and charter problems Daniel Senie
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- RE: ISMS working group and charter problems Thomas Gal
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Randy Presuhn
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Harald Tveit Alvestrand
- Re: ISMS working group and charter problems Dave Singer
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- Re: ISMS working group and charter problems Brian E Carpenter
- Re: ISMS working group and charter problems Juergen Quittek
- Re: ISMS working group and charter problems Jari Arkko
- Re: ISMS working group and charter problems Juergen Quittek
- Re: ISMS working group and charter problems Jari Arkko
- Firewall considerations (Re: ISMS working group a… Harald Tveit Alvestrand
- Re: ISMS working group and charter problems Melinda Shore
- Re: ISMS working group and charter problems Margaret Wasserman
- Re: ISMS working group and charter problems Margaret Wasserman
- Re: ISMS working group and charter problems Michael Thomas
- Re: ISMS working group and charter problems Margaret Wasserman
- Confusion about ISMS rechartering Sam Hartman
- Re: Confusion about ISMS rechartering Dave Crocker
- RE: ISMS working group and charter problems Fleischman, Eric
- RE: ISMS working group and charter problems Fleischman, Eric
- RE: ISMS working group and charter problems Margaret Wasserman
- RE: ISMS working group and charter problems Fleischman, Eric
- Re: ISMS working group and charter problems Spencer Dawkins
- Re: ISMS working group and charter problems Michael Thomas
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Juergen Quittek
- Re: ISMS working group and charter problems Daniel Senie
- RE: ISMS working group and charter problems Nelson, David
- Re: ISMS working group and charter problems Tom Petch
- Fwd: ISMS working group and charter problems Rich Morin
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Wes Hardaker
- ISMS working group and charter problems Brent Chapman