Re: ISMS working group and charter problems
Margaret Wasserman <margaret@thingmagic.com> Wed, 07 September 2005 13:10 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ECzge-0004dc-Ow; Wed, 07 Sep 2005 09:10:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ECzgV-0004ca-CA; Wed, 07 Sep 2005 09:09:51 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA18264; Wed, 7 Sep 2005 09:09:50 -0400 (EDT)
Received: from [204.9.221.21] (helo=thingmagic.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ECzjd-00058W-Dz; Wed, 07 Sep 2005 09:13:08 -0400
Received: from [66.30.121.250] (account margaret HELO [192.168.2.7]) by thingmagic.com (CommuniGate Pro SMTP 4.1.8) with ESMTP-TLS id 511988; Wed, 07 Sep 2005 09:11:27 -0400
Mime-Version: 1.0
Message-Id: <p0620073abf4489a3eaca@[192.168.2.7]>
In-Reply-To: <431E7EA7.3030005@cisco.com>
References: <20050906231355.7FBD73BFD6F@berkshire.machshav.com> <431E7EA7.3030005@cisco.com>
Date: Wed, 07 Sep 2005 09:05:12 -0400
To: Eliot Lear <lear@cisco.com>
From: Margaret Wasserman <margaret@thingmagic.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
Cc: nanog@merit.edu, IETF Discussion <ietf@ietf.org>, iesg@ietf.org
Subject: Re: ISMS working group and charter problems
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
Hi Eliot, [I am writing as a participant in ISMS and other SNMP-related WGs. This note is not intended to represent the reasoning that I would use ot make a decision about the ISMS charter in an IESG context.] As you know, I disagree with your opinion that call-home functionality should be added to the ISMS charter for three reasons: (1) I don't think that call home fits within the scope of the ISMS group. I am not necessarily saying that we shouldn't do this somewhere in the IETF, just not in this WG. IMO, the ISMS group has one very important purpose: Many people are using SNMPv1/v2 today and have not upgraded to SNMPv3 because of the (perceived) cost and complexity of deploying SNMPv3 security. ISMS will integrate SNMP security with existing, widely-deployed security infrastructure such as SSH and RADIUS, so hopefully people will start using SNMP security. This is a security area WG. It is not charged with producing a next-generation of SNMP, just with the (important) task of integrating the current generation of SNMP with more widely-deployed security mechanisms. I personally think that tightly-scoped WGs are good. I also think that it would be inappropriate to add new architectural features to SNMP in a security area WG. (2) I do think that call home represents a significant architectural change to SNMP, for the same reasons that Randy Presuhn has offered. I'd also like to emphasize one of his points -- we have already defined how SNMP runs over TCP (in RFC 3430), so ISMS is not the first group to consider this. Running SNMP over TCP did not require the types of operational changes that you are discussing. IMO, the idea of an SNMP command responder (agent) initiating the communication is not as simple as you have portrayed it. There are many open questions, like: How would the command responder know what manager(s) to contact? When should the command responder try to initiate the communication? How often should it re-try if the initial contact fails? What should it do if the connection drops? SNMP command responders are stateless entities that simply respond to the queries they receive in the order that they receive them. Changing them so that they can initiate and effectively manage a communication connection to the manager is a pretty big change, IMO. (3) I am not certain that there are a large number of people who want to initiative SNMP management communication through a NAT/Firewall who do not have the ability to allow/tunnel an SSH connection through that same NAT/Firewall. In my experience, NATs and Firewalls are usually placed at the boundaries of an administrative area. In many cases, they are intentionally used to prevent access to internal systems from the outside. I have not run into many cases where a network administrator has wanted to allow management access to systems from outside of the local network, but perhaps you have? If you do believe that this is a common need, I think that you will need to better define/explain your use cases. Margaret _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Daniel Senie
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Pekka Savola
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- RE: ISMS working group and charter problems Thomas Gal
- RE: ISMS working group and charter problems Daniel Senie
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- RE: ISMS working group and charter problems Thomas Gal
- Re: ISMS working group and charter problems Steven M. Bellovin
- Re: ISMS working group and charter problems Randy Presuhn
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Harald Tveit Alvestrand
- Re: ISMS working group and charter problems Dave Singer
- Re: ISMS working group and charter problems Iljitsch van Beijnum
- Re: ISMS working group and charter problems Brian E Carpenter
- Re: ISMS working group and charter problems Juergen Quittek
- Re: ISMS working group and charter problems Jari Arkko
- Re: ISMS working group and charter problems Juergen Quittek
- Re: ISMS working group and charter problems Jari Arkko
- Firewall considerations (Re: ISMS working group a… Harald Tveit Alvestrand
- Re: ISMS working group and charter problems Melinda Shore
- Re: ISMS working group and charter problems Margaret Wasserman
- Re: ISMS working group and charter problems Margaret Wasserman
- Re: ISMS working group and charter problems Michael Thomas
- Re: ISMS working group and charter problems Margaret Wasserman
- Confusion about ISMS rechartering Sam Hartman
- Re: Confusion about ISMS rechartering Dave Crocker
- RE: ISMS working group and charter problems Fleischman, Eric
- RE: ISMS working group and charter problems Fleischman, Eric
- RE: ISMS working group and charter problems Margaret Wasserman
- RE: ISMS working group and charter problems Fleischman, Eric
- Re: ISMS working group and charter problems Spencer Dawkins
- Re: ISMS working group and charter problems Michael Thomas
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Juergen Quittek
- Re: ISMS working group and charter problems Daniel Senie
- RE: ISMS working group and charter problems Nelson, David
- Re: ISMS working group and charter problems Tom Petch
- Fwd: ISMS working group and charter problems Rich Morin
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Wes Hardaker
- ISMS working group and charter problems Brent Chapman