RE: ISMS working group and charter problems
"Fleischman, Eric" <eric.fleischman@boeing.com> Wed, 07 September 2005 19:04 UTC
Date: Wed, 07 Sep 2005 12:04:03 -0700
From: "Fleischman, Eric" <eric.fleischman@boeing.com>
To: Margaret Wasserman <margaret@thingmagic.com>, Harald Tveit Alvestrand <harald@alvestrand.no>, dcrocker@bbiw.net, Eliot Lear <lear@cisco.com>
Cc: IETF Discussion <ietf@ietf.org>

At 12:26 AM +0200 9/7/05, Harald Tveit Alvestrand wrote:
>>I believe that the ISMS WG's proposal is about ADDING the
>>possibility of SNMP over TCP, not about CHANGING SNMP to use TCP.
>>UDP will still work.

>From: Margaret Wasserman [mailto:margaret@thingmagic.com]
>That is correct. UDP and the current SNMPv3 USM security mechanisms
>will still work. They will also remain mandatory parts of SNMPv3.

Whoa, now, Margaret. Your statement is technically accurate that traditional SNMPv3 USM will hopefully co-exist with ISMS indefinitely, and therefore SNMP-over-UDP will remain viable within the historic USM context. However, your statement is inaccurate within the context of this discussion, which is ISMS.

I actively supported the formation of the ISMS WG through a series of BOFs because I concluded years ago that SNMPv3 USM is inadequately securable for large deployments (doesn't scale, no PFS, symmetric key distribution problems, etc.), requires us to deploy a unique SNMP-only authentication/authorization system that doesn't integrate with any enterprise-wide alternative, and is therefore needlessly expensive and of dubious value within multi-vendor environments.

By coupling ISMS with SSH, which currently only operates over TCP, the current ISMS solution being forwarded by the WG is TCP-dependent. TCP doesn't operate effectively in all parts of the deployments with which I am associated. That is why I have been trying to encourage the WG to enable ISMS to be flexibly designed to be deployable in a wide variety of environments in a locally-appropriate manner (i.e., use TCP where it works well and UDP where it works well). This has not happened.

--Eric