Re: [OPSAWG] CALL FOR ADOPTION: Transport Layer Security Version 1.3 (TLS 1.3) Transport Model for the Simple Network Management Protocol Version 3 (SNMPv3)

Kenneth Vaughn <kvaughn@trevilon.com> Thu, 09 December 2021 16:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/YRhVCjOyf8nrvdg4NKO_aJP67Oc>

Without a doubt, the review of this document requires both SNMP experts and TLS experts. Based on my presentations to both areas (SecDispatch and OPSAWG), it would appear that both have concerns that they do not have adequate expertise - nonetheless, there appears to be consensus that the work needs to be done. In short, we need a home and we need to make sure that we then outreach to ensure adequate expertise. 

It should be noted that this is largely how my draft was developed. With the aid of limited USDOT funding, I was able to gain the assistance of Dr. Michaela Vanderveen, who is a security expert, whereas I made sure the MIB and other aspects were properly aligned with SNMP. While I do not speak for the USDOT, I suspect if there is a need for more targeted assistance that it can be acquired - but ideally, we can find experts from the IETF community to provide input. In either case, I am confident that we can get this properly reviewed by the necessary experts.

Regards,
Ken Vaughn

Trevilon LLC
6606 FM 1488 RD #148-503
Magnolia, TX 77354
+1-936-647-1910
+1-571-331-5670 cell
kvaughn@trevilon.com
www.trevilon.com

> On Nov 20, 2021, at 9:24 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Joe Clarke (jclarke) <jclarke=40cisco.com@dmarc.ietf.org> wrote:
>> Hello, WG.  Kenneth presented
>> https://datatracker.ietf.org/doc/draft-vaughn-tlstm-update/ at IETF112
>> to us, and this was previously presented at SecDispatch at IETF111.  The
>> feeling there was that this work had merit, but Sec didn't have enough
>> SNMP experience to be the owner.  At the AD level, the feeling was that
>> perhaps opsawg did have the expertise and could pick this up.
> 
> I guess I missed this from IETF111.
> I scanned the document briefly, and I don't see that much that requires
> *SNMP*-fu, so much as it requires TLS-fu.
> 
> I think that the document will get lost in OPSAWG.
> 
> Traditionally, WGs do their own MIB modules... so I don't understand why it
> is not in TLS.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide