IETF Logo Mail Archive

Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tlstm-update-03.txt

tom petch <ietfc@btconnect.com> Mon, 09 May 2022 09:17 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6630EC159524 for <opsawg@ietfa.amsl.com>; Mon, 9 May 2022 02:17:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09W__pHbsZWv for <opsawg@ietfa.amsl.com>; Mon, 9 May 2022 02:16:58 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02on0714.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe06::714]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9194C14F734 for <opsawg@ietf.org>; Mon, 9 May 2022 02:16:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ELKb5KntCobyU4/BX5d7GenJuNYn83bO4lCd134k16welhGYYiuLXGzvZSPjnA0+D1fIgJa3JvkVV8K2PRtSePiwucYOV9wOwNQYVMvoARmF/jLfyn3IL+m29+pkLPmyrzN8dSiaM+7EEEcIJS5RLcUab9QRpmN0Ser7DS1u1gVBVE//wGtz0E9ObY6iDjpfa8Qo0WsanDQkLnjMoKB69buGxOdC+hhh47YzZV76rVodXyiqZv03Tg0c9FdO2zggcQKAnETm2U4Ry2B4ihPMYOmzUEnbLzcCHw/hyAjYGb0oZeWyQ250hWjKiQ3Z/UwRVn8KPVi7zYfxEVQfSeaP6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gV/JYkV9FRuKQy5d52NAxZ2oPaSR50294N2KXErW8NY=; b=BMFKHUEIJNapXrHD3NhZo5+0m8i+8RVqxpyqlLyU7wMQrKHDByYL8Rps0kt/wdTcqLPgkRsfTvA1h+6gmmyIQJKAmg5ys1nhg6A/wI/2Txydgwk+9rMpb/LUtyrar0lNX9RsY7EQa9hq5R7TYAgbAXjSoDp6Qrk7KaO4C+AIeIXV2Kyxi1QY0yhMK8Boe8p+sfuAubhAPSBhxhnF7fcsumyNanxeDB/8Hi9vOigNrmDtay7ogxHEDk3vl0kF+/mdq2HNsvJKdWh3XTTMeLmLnN+MG9CF5VI80375CMQmFmccVfjWUbGmGYjM8XFdGOErfJinP+WPDDl/JKrddzaDqg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gV/JYkV9FRuKQy5d52NAxZ2oPaSR50294N2KXErW8NY=; b=wk4DHiRxC/atV4Rrn+BH13KwIBzsLeWsaCQsa9JUxae7bxkLh6t/jadK+AO9cKmhUNDx8hJjHUhlN7SAwophkATLiK/ZqPQb+gGDOifRJqyalHL75dWGvu1EioQHhLWjKTni18RSk07ZrOwT25ykpiP0J0HwAZMaWtmV0dk+gZk=
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com (2603:10a6:20b:134::11) by AM0PR07MB5570.eurprd07.prod.outlook.com (2603:10a6:208:109::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.12; Mon, 9 May 2022 09:16:52 +0000
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::4960:6f2d:2a52:fde9]) by AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::4960:6f2d:2a52:fde9%5]) with mapi id 15.20.5250.012; Mon, 9 May 2022 09:16:52 +0000
From: tom petch <ietfc@btconnect.com>
To: Kenneth Vaughn <kvaughn@trevilon.com>, Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de>
CC: "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: [OPSAWG] I-D Action: draft-ietf-opsawg-tlstm-update-03.txt
Thread-Index: AQHYYJHlI9Yy19Yw8E6Ejlav0ep9Tq0QYyuAgAAGcwCAAAv+AIAABHWAgAAeAICAASZDgIAEiv5V
Date: Mon, 09 May 2022 09:16:52 +0000
Message-ID: <AM7PR07MB6248EFE5165F4825C4EB89DCA0C69@AM7PR07MB6248.eurprd07.prod.outlook.com>
References: <165176326806.21170.7970429698376920855@ietfa.amsl.com> <25605241-AA65-45C9-A9BF-8FAF23F5CAA0@trevilon.com> <20220505153250.5a5sqznqye43snkf@anna> <61B8C6FA-EB69-4BA8-BF2E-2B0B4F355A4A@trevilon.com> <20220505163143.u6ftgecoo6k33lbd@anna> <FE7C2230-6506-4AE9-BD74-C19D1542F44F@trevilon.com> <AM7PR07MB6248CFBD77116B20A3A330C8A0C59@AM7PR07MB6248.eurprd07.prod.outlook.com>
In-Reply-To: <AM7PR07MB6248CFBD77116B20A3A330C8A0C59@AM7PR07MB6248.eurprd07.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=btconnect.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e8f41035-c761-440e-7313-08da319ca77b
x-ms-traffictypediagnostic: AM0PR07MB5570:EE_
x-microsoft-antispam-prvs: <AM0PR07MB5570C3FE537BC4076A1D2EA6A0C69@AM0PR07MB5570.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6lgyB+lRiy5vyEcVScOsPtSEQsQNUy9Tsibmj+2t5AEnMqjzE0h0DYsFTJ6PWikRqrIl4RHvRp/5fJY0vDGjBVGFvNcSBURrK0LJz+rZ7p7xvfQP1qO98THVVxww5xJ7vHqnrKoUaICMNZwMQ34S6+h9T6Dsjy+0TUDn0xhij6j7KfqF78Am9cx/Q4F6rFoRFtNHtGJtfSG00yOjs+VlTVpGBVLdES9fNWjoDmTY9qgC98VGkNXQc9CL1DTRvuFQepN0G2rY+annSawM97FpIzio3S2XxK3RjneSDF6YzNfG/2veMW5lOpzHC2t+2669HwaLAKy1upAij/gI7rN9i+YTP3FgJOhH+HPjFAvZkaXN2hMHDqRW9x/EC+lVM2Zxy4AB7pokKhyfc5vr2ofQRQ19fIsXw726/BCacDQf5wESOTV8VXlSy8SljrEBhkNJTva5sztP8vtxlUu7nAr2uhGeIfdGUJ5GsQDD8+qr12ko+RuYOYPRi1mHimR3AX/ATt5h7pRrTYHt2rSU8BPqUck27T9gWLLWr4xwuOhOZOIxjlbXSb3RZiUosvHo1Ncxt5PL7FQY3lYRnIxftFPvGuE89TyiAc/vVpLHS5JFTrbsqk7Hh/VI2apRKqVmZV7EnRZv89a7pt57SknfWB3pAk8xSSGWfr+oOljGpZoNZkKc9eiKbfTbWi7M0uq9qz3AIdeDIOAOCwcJtwclrv7MhCcUasQS1rwD9VXfF9PlwSm6MsfAo5LKcU+VueyXoQYXS/2BHMbVP6ZLomqyDruZs+rdltletWw24c5VNR5zO6bJCYTS2fnzIiQ2T6iDvimU5kCh8bzpfleyIxe5cx79nw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR07MB6248.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(53546011)(82960400001)(7696005)(55016003)(6506007)(38100700002)(66574015)(508600001)(9686003)(15650500001)(122000001)(33656002)(966005)(2906002)(40140700001)(38070700005)(186003)(5660300002)(71200400001)(76116006)(91956017)(110136005)(52536014)(26005)(66556008)(66946007)(8936002)(15974865002)(4326008)(8676002)(83380400001)(86362001)(66476007)(64756008)(316002)(66446008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: orMQW5toPMcWOeab6YtSMSqwZ0xWF93tZptoQf4BXWWtTFmcopI981K4uPgI+Y3GChQaI6RZut9aW7U9AyaKbGwKYQ5qnZBtGlFsJDFjLYk3sWTixEBg/+3/upGLoacv+mxym5quMjNWCNaMYDavR1CTYiOri0+V/FJYotAzQqjhb4h8nEaqgU4IMuS5aPb8Oltn4UJtmDnLXSoU5X1F3ocjrddqytkZyD8n5iyhwz7W/4MiWxHT6BWHgxLgpebyvppXHuVmsyIMZIvCOzL/aiEXA+qB4eN5djPrEQJBAY0o80f8M9yLWY6z/wopQ46PLpFhsBdujxhQWrljV4nyuu5vBhwhhOeRAqE6q0Ar4zz2LWErpoARngU4481AWUH8Gw7xUzDtDe4qsX7Mu7jGou+KxlXvUGr2G2xlppU/p6SLYIjkJtxV5yonMz+s06mFfCOLSJQ3ckSyEzcbFUmuCZV4TXtD79c+i1xTLUbTagY851ouN7yDWchQ3eDTtYk0N8PIagqggByV5xaYqEP0EXHGzomJZr/WrFVXCsk02+hBbqICcOGyLt2aV5Rouq7MG5wOZkdcGctY6o1avpAQJK0OFWRE7Qn+M59RuC0B4/AwK8L1SGfkG34uXFa59TMjC0KWqKWzKsZBZMR6fdjtP5eKFNWmZvWP12zZGUmrFr39wgMyR8LGM0JmgG+EJlZ+rzwSNxMYXyuaPSJIYw7OuZ9Dam/Qq5RTib+RgIeIxbcIHltsGpa5DNDA+QNYp6SgO9hNgrTUsxNrQ5IanvZwf8S+EmRivuABSFXAUCZhL+kK1PwKnD/0AL1oQYHS8/V7U9WRMmFkWDeRiRozE8d1cY3fpjJ4H/QGSJ2QZqHRQ6Ihe0jI8I2JinvHH0HqRWBFc4tkH+SVx6qARhz5Si4L41l24FPDzZ8OrPGsfkSmbD9hYGLm5gaa7f3WEMdfL09mAZfTJcRtV1V0qFXQLOSTZrYAdCf1RZk7MBFAR0KCivh8TuRNACap1f1Ww0WwkdH0o43dwNtMW9vPCCBIwpSoom0KX6CbQSUaR0OeggILIMHm2yyUZz1E+uQ76CY4Rt22QVqim3hQz2LG5hSSboWxsmqrF00wChjgaT9P+sMG3QAmy5XsWjpikdXD5q7Tg9sfJQdJ2+R/FJ7hme4ZVEy6CmFyFBgLee+lYAg29LoqLo6G5DdvN6udl74JYZPqTDrfkJaJRKPzNbf3fcc2tL9qCc7wterz0Ac1M2USGPAtjkyfe1HeceabE4AoMjrxXLuIYI0Ea1+PdZE9eWw/3fHORNS28IyRtbyVBTi31eDYB+YPPmcG6eTLaGri3a/Lf7RZnkzRI/M7WrfVs5BeumlQhRkoRoSsHlZJMGnL48F25s9RGG0Pwd6M+2J6gD8YBHoVZsqN1KX/mNrCNAAY7tUqLayc8vs6gQy1F6+q3TPQh43X18jDWT15lBD/2NMdl1PRvBplgEKQ17xUzUU9H+ng0jiC2wZCI4Q/UBcsSd6Nv01V0erbQcHr0Rh+E5Q+RJQhdXyv26gpcyqeFacTJ4/ubhkDAO+gLXkesMHu1FYLjEWjG2jcczMZrbykEvT1CmC4EfNQkZCutyTrpWcl3UHfYZINHVWIlpWKaRxrCubSodQOygBxy5NwHHp09oZaxY6QMZfGYMVL6aJfPaoRItBsokMXW0mes6DgYtQFCxBrQxvm0NJ22i9QuMTSp/oiUPPEIMVrfmeBd8xo4C14csN2BQ==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR07MB6248.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e8f41035-c761-440e-7313-08da319ca77b
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 May 2022 09:16:52.0734 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MO+TBRZ3l7IXuKQu1VGPaKJQf4X1A/cjoTLs2vxx+IIgkqsWmq8aQEPesM+4Xaop9CKS26fv7vbva+RS378gXA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB5570
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/9srYQiPStQSMl8duQyta2cFvycY>
Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tlstm-update-03.txt
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2022 09:17:02 -0000

From: tom petch <ietfc@btconnect.com>
Sent: 06 May 2022 13:05

From: OPSAWG <opsawg-bounces@ietf.org> on behalf of Kenneth Vaughn <kvaughn@trevilon.com>
Sent: 05 May 2022 19:19

<tp>
following up my previous e-mil, I would make the IANA Considerations something like

=============================
IANA is asked to created a new registry 
SNMP Hash Algorithms
in the 
Structure of Management Information (SMI) Numbers (MIB Module Registrations)
Group.

The registry has fields value, description, DTLS-OK and reference.

The range of values is zero to 255.  Values zero to two are reserved as are values 7 to 223.  Values 224 to 255 are reserved for private use.

The initial entries for values three to six are listed in section 2.1 of this document.


The policy for updates is Expert Review.  The expert should consult the Security Area, e.g. via the mailing list of the TLS WG (the initial values of this registry are taken from an existing TLS Registry so the TLS WG would seem the best fit for this).

In addition, a new entry MUST be added to the SNMP-TLSTM HashAlgorithm Registry every time a new hash algorithm is approved for any version of TLS or DTLS.  A separate entry MUST NOT be created when an existing hash algorithm is used as a part of a new (D)TLS cipher suite.
===============================================
with section 2.1 including the values from the current regisry.

Tom Petch



I have no real problem either way; unless I hear someone else argue for making it automatic in the next couple of days, I will delete the last two sentences of the first paragraph of the IANA Considerations so that it will read:

This document requires the establishment of a new SNMP-TLSTM HashAlgorithm Registry, which is referenced in the above MIB as being located at "http://www.iana.org/assignments/tlstm-parameters/". The initial values for this table MUST be identical to the contents of the TLS HashAlgorithm Registry (RFC 5246).

While future additions to the IANA TLS HashAlgorithm Registry are not expected, any future addition to the IANA TLS HashAlgorithm Registry MUST be consistent with the values assigned in the proposed IANA SNMP-TLSTM HashAlgorithm Registry.

<tp>
Problem one;  the IANA website is a mess because IANA do what they are told:-(  This makes data difficult or impossible to find.  The RFC on IANA now calls for a two part structure of group and registry.  Here a group exists for SMI and that is where anyone should expect to find this registry so the instructions should then ask for the creation of a algorithm registry in the
Structure of Management Information (SMI) Numbers (MIB Module Registrations)
Group (alongside such as
SMI Security for Cryptographic Algorithms).
You have already seen how familiar security experts are with the abbreviation TLSTM.

Problem two; the registry you suggest for initial values includes MD5.  If that gets past IESG then it is time to abandon any pretence of security.  I think that only four values are currently appropriate.

Problem three; a registry needs an update policy.  Expert Review might be suitable.  It is up to IANA and the IESG to find experts, not us.

Tom Petch


Regards,
Ken Vaughn

Trevilon LLC
6606 FM 1488 RD #148-503
Magnolia, TX 77354
+1-936-647-1910
+1-571-331-5670 cell
kvaughn@trevilon.com<mailto:kvaughn@trevilon.com>
www.trevilon.com<http://www.trevilon.com>

On May 5, 2022, at 11:31 AM, Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de<mailto:j.schoenwaelder@jacobs-university.de>> wrote:

We made the mistake by simply reusing the TLS hash algorithm for a
different purpose. We now factor things out by having a separate
registry for the hashing algorithms used to create certficate
fingerprints. But why would we now tie this back to TLS hashing
algorithms? In modern TLS, I think they only register entire
ciphersuites, do we really expect them to go an register any new hash
algorithm that comes along into the registry of hash algorithms for
producing certificate fingerprints?

I understand the "we are too lazy to do this" argument but then still
I would expect that if a new hash is being implemented for certificate
fingerprinting, someone would find the energy to register it.

/js

On Thu, May 05, 2022 at 11:15:46AM -0500, Kenneth Vaughn wrote:
There is no definition of TLSTMv1.3 nor do we version MIB modules
Agreed, This is old text that I missed from when this was intended to be a replacement to RFC 6353 rather than an update. I think it is best to just delete the sentence so the paragraph would now read "[RFC6353] stated that TLSTM clients and servers MUST NOT request, offer, or use SSL 2.0. [RFC8996] prohibits the use of (D)TLS versions prior to version 1.2." While the statement is not technically required as it is stated elsewhere, I believe there was a comment during IETF 113 that we should be explicit about this.

In addition, a new entry
 MUST be added to the SNMP-TLSTM HashAlgorithm Registry every time a
 new hash algorithm is approved for any version of TLS or DTLS.
I guess there are two issues here: 1) What do we want and 2) What wording is used for IANA instructions

In the first case, while I accept that there is not a strict technical requirement to implement every hash algorithm adopted by TLS, I am hard pressed to think of why we would ever not want to support one (or what practical harm it would cause). If we don't make the cross-assignment automatic, it seems as if it would be incumbent upon the WG to explicitly make requests every time a new hash algorithm came along. That seems to be extra bureaucratic work for OPSAWG and it seems as if it would be easier to make it a part of the IANA process. So the proposal is that it should be automatic (which is in agreement with a comment made at the IETF 113 meeting)

If we agree that it should be automatic, then the second issue is how do we state this. I am happy to revise the wording as appropriate; I certainly am not an expert in writing those statements.

If we don't want it to be automatic, then perhaps we need to reach consensus on how new entries will be added.

Regards,
Ken Vaughn

Trevilon LLC
6606 FM 1488 RD #148-503
Magnolia, TX 77354
+1-936-647-1910
+1-571-331-5670 cell
kvaughn@trevilon.com<mailto:kvaughn@trevilon.com>
www.trevilon.com

On May 5, 2022, at 10:32 AM, Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de> wrote:

Before I go and check the details...

 [...] TLSTMv1.3 MUST only be used with
 (D)TLS version 1.2 and later.

What does this MUST tell me? There is no definition of TLSTMv1.3 nor
do we version MIB modules. I understand the intention of the statement
but we need to be more careful about the wording.

And what about this:

 [...] In addition, a new entry
 MUST be added to the SNMP-TLSTM HashAlgorithm Registry every time a
 new hash algorithm is approved for any version of TLS or DTLS.

Why would that be a MUST? The SnmpTLSFingerprint is used by the MIB
module to hash certificates and as such this hashing has nothing to do
with any TLS internal use of hash algorithms. The reuse of the TLS
hash registry back then was a matter of convenience, not a matter of
having a strong binding to the TLS internal usage of hash algorithms.

/js

On Thu, May 05, 2022 at 10:09:45AM -0500, Kenneth Vaughn wrote:
I have uploaded a new version of the "Updates to the TLS Transport Model for SNMP". This version includes the following changes:
Changed the name of the registry to the SNMP-TLSTM registry
Updated reference to DTLS 1.3 to reflect the publication of RFC 9147
Clarified the first paragraph of Conventions to indicate that references to TLS, DTLS, (D)TLS, and TLSTM are version neutral except where specific versions need to be cited.
Changed "SNMPv3" to "SNMP" in several locations where the specific version reference was unnecessary with our convention statement
Indicated that Additional Rules for TLS 1.3 "may additionally apply to future versions of TLS"
The document has been through several review cycles and has also been vetted by the TLS WG. At this point, changes are primarily editorial and I believe it is stable enough to proceed to the next step of the approval process.

Regards,
Ken Vaughn

Trevilon LLC
6606 FM 1488 RD #148-503
Magnolia, TX 77354
+1-936-647-1910
+1-571-331-5670 cell
kvaughn@trevilon.com
www.trevilon.com

On May 5, 2022, at 10:07 AM, internet-drafts@ietf.org wrote:


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operations and Management Area Working Group WG of the IETF.

     Title           : Updates to the TLS Transport Model for SNMP
     Author          : Kenneth Vaughn
Filename        : draft-ietf-opsawg-tlstm-update-03.txt
Pages           : 30
Date            : 2022-05-05

Abstract:
This document updates the TLS Transport Model (TLSTM), as defined in
RFC 6353, to reflect changes necessary to support Transport Layer
Security Version 1.3 (TLS 1.3) and Datagram Transport Layer Security
Version 1.3 (DTLS 1.3), which are jointly known as "(D)TLS 1.3".
This document is compatible with (D)TLS 1.2 and is intended to be
compatible with future versions of SNMP and (D)TLS.

This document updates the SNMP-TLS-TM-MIB as defined in RFC 6353.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tlstm-update/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-opsawg-tlstm-update-03.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tlstm-update-03


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg



_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg


--
Jürgen Schönwälder              Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>



--
Jürgen Schönwälder              Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email