IETF Logo Mail Archive

ISMS charter broken- onus should be on WG to fix it

Eliot Lear <lear@cisco.com> Mon, 12 September 2005 19:53 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EEuMo-0004xf-Io; Mon, 12 Sep 2005 15:53:26 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EEuMm-0004uu-5O; Mon, 12 Sep 2005 15:53:24 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11962; Mon, 12 Sep 2005 15:53:22 -0400 (EDT)
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EEuR0-0007Dw-Jm; Mon, 12 Sep 2005 15:57:48 -0400
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-3.cisco.com with ESMTP; 12 Sep 2005 12:53:12 -0700
X-IronPort-AV: i="3.97,102,1125903600"; d="scan'208"; a="340935239:sNHT35095060"
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id j8CJr94u009211; Mon, 12 Sep 2005 12:53:10 -0700 (PDT)
Received: from [212.254.247.4] (ams-clip-vpn-dhcp4541.cisco.com [10.61.81.188]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id j8CK5mbr017325; Mon, 12 Sep 2005 13:05:49 -0700
Message-ID: <4325DCA2.2070400@cisco.com>
Date: Mon, 12 Sep 2005 21:53:06 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Sam Hartman <hartmans-ietf@mit.edu>
References: <200509072021.QAA19324@ietf.org> <43252AE6.7000704@cisco.com> <tslhdcq2qdi.fsf@cz.mit.edu>
In-Reply-To: <tslhdcq2qdi.fsf@cz.mit.edu>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
DKIM-Signature: a=rsa-sha1; q=dns; l=5228; t=1126555551; x=1126987751; c=nowsp; s=nebraska; h=Subject:From:Date:Content-Type:Content-Transfer-Encoding; d=cisco.com; i=lear@cisco.com; z=Subject:ISMS=20charter=20broken-=20onus=20should=20be=20on=20WG=20to=20fix=20it| From:Eliot=20Lear=20<lear@cisco.com>| Date:Mon,=2012=20Sep=202005=2021=3A53=3A06=20+0200| Content-Type:text/plain=3B=20charset=3DISO-8859-1| Content-Transfer-Encoding:7bit; b=E9IqOZOZrawqsH/djvp3Hia4Dn/z3zssdRSCka8qSVzzQ4mLU5OfMDLSxkHTlbI4Qy34pNYi JtMB3RAc5IA+HPNtt0VcLV2flNoqhuFbts00NJ3FTQndk25aYnmAJ7sx4EGF01P3p+HhCX0HwJC YA7y09dklGvN6qF/5XIU4RCc=
Authentication-Results: imail.cisco.com; header.From=lear@cisco.com; dkim=pass ( message from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 29dc808194f5fb921c09d0040806d6eb
Content-Transfer-Encoding: 7bit
Cc: IETF Discussion <ietf@ietf.org>, iesg@ietf.org, isms@ietf.org
Subject: ISMS charter broken- onus should be on WG to fix it
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

Sam,

I believe the approach you have proposed is quite simply wrong.  As an
AD you're supposed to provide technical oversight and not simply hold a
popularity contest.  If you have technical questions or wish to
challenge me on a technical point, I think that's fair game.

As I've written, the path we are headed down technically will not work
in the face of firewalls and NATs, and nobody has refuted this.

Furthermore you've heard from a reasonably large customer (Boeing) as
well as your predecessor on the prevalence of such middle boxes that
demonstrates the complexity of today's environment and the need for this
sort of functionality as part of the solution.

You've heard from an author of SNMP that the major architectural change
is the use of session based security and NOT CH, the same from the
former O&M AD and IETF chair.  You've heard from a service provider as
well as numerous members of the community who see the problem.

You may or may not have yet heard from other standards bodies but if you
were to delay it is quite possible they will chime in since one was
specifically interested in this sort of function.

The amount of changes required to support CH cannot fully be ascertained
until more of the the [Todo]s are filled in with Dave's draft, but I
don't imagine the work would be much more than:

 - specifying how to initiate the connection and if necessary turn it
 - the identity used for requests received from command generators that
   did not initiate the connection along with potential prepopulating
   of various tables
 - an appendix of how the SNMP-TARGET-MIB would be populated
 - a discussion on when to initiate connections and what to do when
   they fail (mind you this is needed anyway regardless of CH)
 - security considerations involving firewalls, blocking, etc.
 - possibly one additional table describing the state of SSH peer
   connectivity (which probably wouldn't be bad to have anyway).

Decide for yourself if you think this is a substantial amount of text,
but I won't leave it to your imagination for long.  I will attempt this
week to post a derivative of the draft that Dave is working on to give
people an idea of what the changes would be.

Again it's difficult to diff an incomplete specification.

Eliot

>>>>>>>>>>> "Eliot" == Eliot Lear <lear@cisco.com> writes:
> 
> 
>     Eliot> I request an extension of the deadline for comments to
>     Eliot> September 21st on the following basis:
> 
>     Eliot>  - the period of comment has been less than a week, far
>     Eliot> shorter than the normal period of IETF-wide review.  - of
>     Eliot> the time allotted, the principle instigator of this review
>     Eliot> has been absent from debate for five days due to prior
>     Eliot> commitments.  That was me.
> 
> Hi, Eliot.  I have not made any determination as yet about whether I
> will pull ISMS from the Thursday telechat and am unlikely to make a
> final determination until the time of that telechat.
> 
> 
> When I originally ruled call home out of scope I gave you some
> suggestions for how to approach things from a process standpoint.  In
> evaluating your request I will consider how much progress has been
> made on these issues so far and on whether it is likely that you could
> make additional progress on these issues by September 21.
> 
> Let us go back and consider my original advice to you:
> 
>   When the charter is sent to me for IESG review, ask me to send it out
>   for external review (IETF wide) rather than just approving it; I will
>   honor such a request.  You will need a proposal ready to present to
>   the community when the charter comes out for review.  The proposal
>   should include proposed modifications to the charter to make call home
>   in scope.  In addition you probably want to answer the following
>   concerns:
> 
>   * People believe that architectural changes to SNMP should happen in
>     the management not security area.  Either convince them that this is
>     OK in the security area, propose moving the working group, or
>     propose splitting the work appropriately.
> 
>   * Address the concerns about the lack of MIBs and other facilities for
>     managing call home.  Have a proposal ready for what is involved in
>     doing the work.
> 
> 
>   * Understand concerns Bert is likely to raise and respond to them.
> 
> 
> 
> so, here are some specific questions related to our progress to date
> on these items.  Answering these questions will help me determine
> whether extending the review period to September 21 is likely to be
> productive.
> 
> 1) Have you proposed a specific set of charter changes?  Who has
>    supported these charter changes?
> 
> 2) How have you addressed the specific concerns about the location of
>    the work ?  Who has agreed with your proposed resolution?
> 
> 3) Is there a consensus emerging that CH needs to be solved as part of
>     ISMS?  This is the part where additional time is most likely to
>     help you, but I think it fair to ask who has supported blocking
>     ISMS on CH so far.  Note that people who support CH but who
>     believe it could be done in a separate working group or who have
>     not expressed an opinion do not count.  They may well count for
>     justifying support for a CH BOF or for justification of a
>     publication request for an individual submission adding CH to the
>     SNMP architecture.
> 
> 
> 4) What response have you given to concerns about whether the
>    architectural extensions for CH are sufficiently well defined?  Who
>    has supported this proposal?
> 
> 
> 
> 5) How are your discussions going with Bert to resolve his concerns?
>     What about other key members of the management community who have
>     expressed concerns?
> 
> 
> 
> Here's how I'm going to make a decision.  I believe that in order to
> get a change to the SNMP charter it is necessary to make significant
> progress on all of these issues.  I'm going to evaluate your answers
> and consider whether I think the progress to date makes it likely that
> you will have sufficient support for a new charter by September 21
> without significant opposition.  In other words whether the community
> and IESG can agree to the new charter by the end of the review period.
> If the progress to date makes it likely that we're headed in that
> direction, I'll grant the request.  Otherwise I will ask the IESG to
> approve the charter on Thursday.
> 
> 
> There's an internal issue that may well prevent the charter from being
> announced before the 21st even if no formal extension is granted.
> 
> 
> --Sam
> 



_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email