Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tlstm-update-01.txt

Kenneth Vaughn <kvaughn@trevilon.com> Sun, 06 March 2022 13:14 UTC

From: Kenneth Vaughn <kvaughn@trevilon.com>
Date: Sun, 06 Mar 2022 07:14:20 -0600
To: opsawg@ietf.org, Wes Hardaker <wjhns1@hardakers.net>
In-Reply-To: <164653008970.31708.8719487856127881636@ietfa.amsl.com>
Message-Id: <3FC64B46-2A9B-421E-A0A2-C2B9ADB50338@trevilon.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/FHrixQXfB_T9LgtEjvXmP8Q3uDo>

This draft responds to the various comments received to date. The big changes are as follows:
1. It proposes the creation of a new registry, which will initially be identical to the TLS 1.2 Hashing Algorithm Identifier Table but will be separate so that we can add new rows as needed to support future algorithms without implying that those algorithms are valid for TLS 1.2. This required a corresponding edit to the SnmpTLSFingerprint object to reference the new table.

2. It removes the previously proposed restrictions related to USM, prior SNMP versions, and CommonName. The text from RFC 6353 still applies.

3. Several changes were made to reflect proper capitalization of key words in conformance to BCP14 and I changed a couple of "MAY NOT"s (which are ambiguous) to "MUST NOT".

NOTE: One comment that I could not address is whether OPSAWG should also be updating RFC 7407 for YANG.

Specific responses to comments are provided below:
Is this an update or a replacement?
	Assuming the reference to a new identifier table is allowed, it is a minor update.
Has the original author been contacted?
	He was previously; I've included him on this email as well.
Remove anchors from the abstract
	Done
Should this document be specific to 1.3?
	The current approach is 100% backwards compatible with RFC 6353, so it works with 1.2 and 1.3. It is impossible to know what changes will be made in the future, but the changes that have been made should make it more likely to work with future versions of TLS.
RFC 6353 has already been updated by 8996 (i.e., prohibiting prior TLS versions)
	Added a reference to RFC8996
We should not change the status of USM
	Text removed
Verify all key words are marked
	All key words have been capitalized, and within the body of the document (i.e., not the MIB) they are marked with <bcp14> tags.
Need to discuss multi-version
	No need, as there is no real change to the MIB (it just references a different table; all of the objects stay the same).
Concerns about designating new objects with "13"
	With the adopted approach, there are no longer any new objects.
Missing closing quote on CONTACT INFO
	Corrected and checked MIB text with a validator
Update "Simplified BSD" to "Revised BSD"
	Done
Detail changes in the MIB's revision clause
	Done

I also corrected a couple of spelling errors.

Regards,
Ken Vaughn

Trevilon LLC
6606 FM 1488 RD #148-503
Magnolia, TX 77354
+1-936-647-1910
+1-571-331-5670 cell
kvaughn@trevilon.com
www.trevilon.com
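To make the SnmpTLSFingerprint change concrete, here is an added Python example (not code from the draft, RFC 6353 or the author): it resolves the first octet of a fingerprint through a hash-algorithm table of the kind the proposed registry would hold, checks the digest length, and compares a certificate against the stored value in constant time. The table contents mirror the TLS 1.2 HashAlgorithm identifiers and the sample certificate bytes are constructed for the example.

```python
import hashlib
import hmac

# First-octet hash algorithm identifiers of an SnmpTLSFingerprint (RFC 6353).
# The values follow the TLS 1.2 HashAlgorithm registry; the draft proposes a
# separate registry seeded with this same table so new rows can be added later
# without implying that those algorithms are valid for TLS 1.2.
HASH_ALGORITHMS = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}

class FingerprintError(ValueError):
    """Raised for a malformed SnmpTLSFingerprint value."""

def parse_fingerprint(value: bytes):
    """Split a fingerprint into (hash name, digest). Returns None for the
    zero-length value, which RFC 6353 allows to mean "no fingerprint set"."""
    if len(value) == 0:
        return None
    alg_id, digest = value[0], value[1:]
    name = HASH_ALGORITHMS.get(alg_id)
    if name is None:
        # Not in the table: a newer registry entry this implementation does
        # not know, or a corrupt value. Either way it cannot be matched.
        raise FingerprintError(f"unknown hash algorithm identifier {alg_id}")
    expected_len = hashlib.new(name).digest_size
    if len(digest) != expected_len:
        raise FingerprintError(f"{name} digest must be {expected_len} octets")
    return name, digest

def make_fingerprint(cert_der: bytes, alg_id: int) -> bytes:
    """Build the OCTET STRING value for cert_der using table entry alg_id."""
    return bytes([alg_id]) + hashlib.new(HASH_ALGORITHMS[alg_id], cert_der).digest()

def certificate_matches(cert_der: bytes, fingerprint: bytes) -> bool:
    """True when cert_der hashes to the configured fingerprint."""
    parsed = parse_fingerprint(fingerprint)
    if parsed is None:
        return False  # nothing configured, so no certificate can match
    name, expected = parsed
    return hmac.compare_digest(hashlib.new(name, cert_der).digest(), expected)

def is_well_formed(fingerprint: bytes) -> bool:
    """Syntax check for a value before it is stored in a MIB row."""
    try:
        parse_fingerprint(fingerprint)
        return True
    except FingerprintError:
        return False

# Constructed placeholder standing in for a DER-encoded certificate (not a real cert).
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + b"constructed certificate body for the example"
```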

> On Mar 5, 2022, at 7:28 PM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Operations and Management Area Working Group WG of the IETF.
> 
>        Title           : Transport Layer Security Version 1.3 (TLS 1.3) Transport Model for the Simple Network Management Protocol Version 3 (SNMPv3)
>        Author          : Kenneth Vaughn
>        Filename        : draft-ietf-opsawg-tlstm-update-01.txt
>        Pages           : 33
>        Date            : 2022-03-05
> 
> Abstract:
>   This document updates the TLS Transport Model (TLSTM), as defined in
>   RFC 6353 to support Transport Layer Security Version 1.3 (TLS) and
>   Datagram Transport Layer Security Version 1.3 (DTLS), which are
>   jointly known as "(D)TLS".  This document may be applicable to future
>   versions of SNMP and (D)TLS.
> 
>   This document updates the SNMP-TLS-TM-MIB as defined in RFC 6353.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-opsawg-tlstm-update/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-opsawg-tlstm-update-01.html
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tlstm-update-01
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts