[OPSAWG] draft-vaughn-tlstm-update-01 (TLSTM Update to support TLS 1.3)

Kenneth Vaughn <kvaughn@trevilon.com> Thu, 21 October 2021 03:38 UTC

From: Kenneth Vaughn <kvaughn@trevilon.com>
Date: Wed, 20 Oct 2021 22:38:04 -0500
To: opsawg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/VzFEqCgrx6x2e4UJvFi0LGfwKNM>
Subject: [OPSAWG] draft-vaughn-tlstm-update-01 (TLSTM Update to support TLS 1.3)

I would like to present https://datatracker.ietf.org/doc/draft-vaughn-tlstm-update-01/. This document is a proposal to update RFC 6353 (TLS Transport Model for SNMP) to reflect the needs of TLS 1.3.
As a little bit of background, SNMP is widely used within Intelligent Transportation Systems (ITS) to monitor, manage and control field devices, as defined in the National Transportation Communication for ITS Protocols (NTCIP) standards, ISO standards, and specifications in the United Kingdom. As you may know, CISA has declared the transportation infrastructure to be "critical infrastructure", and the ITS community is very interested in ensuring that this infrastructure is adequately protected, especially as these systems are increasingly relied upon by modern connected vehicles.

RFC 6353 defines how to use (D)TLS 1.2 authentication to control data access within SNMP. Unfortunately, its design is not entirely compatible with TLS 1.3. As such, the ITS community is interested in producing an update to RFC 6353 and believes it would be in everyone's best interests to produce this document as an IETF publication, assuming that its development can proceed in a timely manner.
In an effort to promote further discussion on this topic, the NTCIP and ISO communities have requested that I reach out to the IETF to initiate a conversation on this topic. I was originally directed to the SECDISPATCH group and, based on my presentation to that group at IETF 111, the decision was made to redirect this effort to OPSAWG. The presentation I made to the SECDISPATCH group is available at https://trevilon.com/download/RFC6353Proposal.pptx; this presentation explains the motivation behind this update proposal.

Many thanks for your considerations and I look forward to our future discussions. Please let me know if you have any questions.
Regards,
Ken Vaughn

Trevilon LLC
6606 FM 1488 RD #148-503
Magnolia, TX 77354
+1-936-647-1910
+1-571-331-5670 cell
kvaughn@trevilon.com
www.trevilon.com