Re: ISMS working group

[Keith McCloghrie <kzm@cisco.com>]

Margaret,

> None of this seems very material to the ISMS discussion, though...
> 
> Today SNMP (whether it is running over UDP or TCP) doesn't have the 
> call home feature.  Do you really think it is reasonable to tie the 
> addition of that feature to the definition of a new security 
> mechanism for the existing SNMP protocol?  If so, why?
 
Today's SNMP (whether it is running over UDP or TCP) has datagram-based
security (or no security).  What the ISMS WG is proposing to do is to
introduce session-based security.  The definition of session-based
security will need to decide how to tie the security in one direction
with the security in the other direction, and the factors involved in
such a tie include a subset of the requirements for Call Home.

> IMO, we need to try to do our work in manageable chunks in the right 
> groups/areas.  A security area working group working on a new 
> security mechanism for the existing SNMP model is one chunk.  Perhaps 
> an OPS area WG working on an optional SNMP call home mechanism is 
> another...?  I don't see how the level of change/disruption to the 
> vendor community is substantially affected by whether these two 
> separate mechanisms are defined in one IETF working group or two.
 
If there are going to be two WGs, then the split between them needs to
be non-overlapping.  With the split you propose, there is a common
subset of the two, and if the common subset is defined in different WGs,
they are likely to make incompatible decisions, i.e., the Call Home
won't be able to work over session-based security.

Keith.

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf