[Isms] Question regarding RFC 6353

Kenneth Vaughn <kvaughn@trevilon.com> Fri, 17 July 2020 12:59 UTC

From: Kenneth Vaughn <kvaughn@trevilon.com>
Message-Id: <840CBD97-1D31-48EB-A210-65CC0B43FFDC@trevilon.com>
Date: Fri, 17 Jul 2020 07:58:58 -0500
To: isms@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/isms/Oa9P8Nh6jhngCLuih39xQja-CqA>
Subject: [Isms] Question regarding RFC 6353
List-Id: Mailing list for the ISMS working group <isms.ietf.org>

Hello and thank you for your time.

I am providing guidance to both ISO TC 204 and the USDOT on the best policies on upgrading systems currently based on prior versions of SNMP to the latest security solutions for SNMPv3.

RFC 6353 (TLSTM for SNMP) specifically references RFC 5246 (TLSv1.2); however, TLS has been updated to TLSv1.3. I have not identified any technical reason why using TLSv1.3 would create problems vs TLSv1.2, but technically RFC 6353 does not require this.

Are there any plans to update RFC 6353 to reference TLSv1.3? If not, are you aware of any technical problem in others (e.g., ISO TC 204, USDOT, etc.) writing a specification that requires the use of RFC 6353 with the stated exception that all references to TLSv1.2 must be replaced with references to TLSv1.3? Or do you believe it would be appropriate to submit (and do you believe there would be an IETF group interested in receiving) a proposal for a new RFC that updates the reference? If so, who should that update proposal be sent to?

Thank you for your help in this matter.

Regards,
Ken Vaughn

Trevilon LLC
6606 FM 1488 RD #148-503
Magnolia, TX 77354
+1-936-647-1910
+1-571-331-5670 cell
www.trevilon.com