Re: WG Review: Recharter of Integrated Security Model for SNMP (isms)

"C. M. Heard" <heard@pobox.com> Thu, 15 September 2005 02:28 UTC

Date: Wed, 14 Sep 2005 19:28:24 -0700
From: "C. M. Heard" <heard@pobox.com>
To: ietf@ietf.org
In-Reply-To: <200509072021.QAA19324@ietf.org>
Message-ID: <Pine.LNX.4.10.10509141909100.19689-100000@shell4.bayarea.net>

On Wed, 7 Sep 2005, The IESG wrote:
> A modified charter has been submitted for the Integrated
> Security Model for SNMP (isms) working group in the Security
> Area of the IETF.
...
> In order to leverage the authentication information already
> accessible at managed devices, the new security model will
> use the SSH protocol for message protection, and RADIUS for
> AAA-provisioned user authentication and authorization.
> However, the integration of a transport mapping security model
> into the SNMPv3 architecture should be defined such that it is
> open to support potential alternative transport mappings to
> protocols such as BEEP and TLS.
> 
> The new security model must not modify any other aspects of
> SNMPv3 protocol as defined in STD 62 (e.g., it must not create
> new PDU types).

If (as I have gathered from the discussion over the past few days)
the last sentence quoted above means that it is out of scope for the
working group to even consider solutions that allow agents and
managers to work on either side of firewalls or NATs, then I think
that the charter is drawn too narrowly and should be revised.
Indeed, I think that it should be an explicit goal (if not a
requirement) for the solution to work even when one of the parties
(agent or manager) is unable to accept incoming TCP connections.
That issue will have to be addressed eventually, and it is better
for implementors to go through the churn once rather than twice.

Mike Heard

P.S.  Note that I am using the words "agent" and "manager" in the
traditional sense, i.e., to mean "notification originator + command
responder" and "notification receiver + command generator"
respectively.
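
The constraint raised above (one of the two parties cannot accept incoming TCP connections) shown as an added example; this code is not from the message, from the isms working group, or from any SNMP implementation. It is a toy in which the agent (command responder) sits behind a NAT and therefore originates the TCP connection, while the manager (command generator) listens and then drives the request/response exchange back over the connection the agent opened. The 4-byte length framing, the "HELLO" line, and the tiny in-memory MIB are constructed stand-ins, not SNMP's BER encoding, PDU formats, or any security model; the point is only that SNMP's request direction is independent of who initiated the transport connection.

```python
import socket
import struct
import threading

# Constructed framing: 4-byte big-endian length prefix. This is NOT SNMP
# encoding; it only keeps message boundaries on a TCP stream for the demo.
def send_frame(sock, payload: bytes) -> None:
    sock.sendall(struct.pack("!I", len(payload)) + payload)

def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return buf

def recv_frame(sock) -> bytes:
    (n,) = struct.unpack("!I", recv_exact(sock, 4))
    return recv_exact(sock, n)

# Hypothetical agent data, constructed for the example.
AGENT_MIB = {"sysDescr.0": b"example-router", "sysUpTime.0": b"12345"}

def agent_serve(manager_addr, requests_to_answer: int) -> None:
    """Command responder behind a NAT: it can only make outbound
    connections, so it dials the manager and then answers whatever
    requests arrive on that stream (the reverse of the TCP direction)."""
    with socket.create_connection(manager_addr) as s:
        send_frame(s, b"HELLO agent")  # constructed identification line
        for _ in range(requests_to_answer):
            verb, oid = recv_frame(s).decode().split(" ", 1)
            if verb == "GET" and oid in AGENT_MIB:
                send_frame(s, b"RESPONSE " + AGENT_MIB[oid])
            else:
                send_frame(s, b"ERROR noSuchName")

def manager_run(listener, oids) -> dict:
    """Command generator: accepts the agent's inbound connection, then
    sends its GET requests over that same connection and collects replies."""
    conn, _ = listener.accept()
    with conn:
        if recv_frame(conn) != b"HELLO agent":
            raise RuntimeError("unexpected peer")
        results = {}
        for oid in oids:
            send_frame(conn, f"GET {oid}".encode())
            results[oid] = recv_frame(conn).decode()
        return results

def run_exchange(oids=("sysUpTime.0", "ifInOctets.1")) -> dict:
    """Run manager and agent on loopback; returns {oid: reply_text}."""
    listener = socket.socket()              # AF_INET / SOCK_STREAM
    listener.bind(("127.0.0.1", 0))         # ephemeral port
    listener.listen(1)
    addr = listener.getsockname()
    agent = threading.Thread(target=agent_serve, args=(addr, len(oids)))
    agent.start()
    try:
        return manager_run(listener, oids)
    finally:
        agent.join()
        listener.close()

if __name__ == "__main__":
    print(run_exchange())
    # → {'sysUpTime.0': 'RESPONSE 12345', 'ifInOctets.1': 'ERROR noSuchName'}
```

The listening side is the manager only for convenience of the demo; the same code with the roles of dialer and listener swapped is the ordinary case, which is exactly why a transport-mapping security model that binds "who connects" to "who sends requests" would fail the NAT case described above.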

