IETF Logo Mail Archive

Re: [OPSAWG] CALL FOR ADOPTION: Transport Layer Security Verion 1.3 (TLS 1.3) Transport Model for the Simple Network Management Protocol Version 3 (SNMPv3)

"Joe Clarke (jclarke)" <jclarke@cisco.com> Tue, 18 January 2022 20:00 UTC

Return-Path: <jclarke@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCC713A1557 for <opsawg@ietfa.amsl.com>; Tue, 18 Jan 2022 12:00:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.594
X-Spam-Level:
X-Spam-Status: No, score=-9.594 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=F9r2N8lI; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=IU7rxDRl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z478ullZWPW6 for <opsawg@ietfa.amsl.com>; Tue, 18 Jan 2022 12:00:34 -0800 (PST)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 552683A1538 for <opsawg@ietf.org>; Tue, 18 Jan 2022 12:00:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=51172; q=dns/txt; s=iport; t=1642536024; x=1643745624; h=from:to:cc:subject:date:message-id:references: mime-version; bh=rDMbgkWXk+ioHJhPVSCeABq6UH5yVd6rZCbcjLiYzMo=; b=F9r2N8lIh1V99PlT1ifFgs2RM5VTnALDVkvKB1TENd9TWCCVWAzb8S1e I2C75Ckk5UaM89SKPqlC8gVEUxw9Aj1zIkYWR2z0mxZEgtLUqtradNPR/ Yr/LRTCZIEyNTHO6EOvGy90Q7F2/7rorxtQZFm4f+6fcohByo8rFsinuc M=;
X-IPAS-Result: A0AaBwA+G+dh/5NdJa1agQmBWYEhMVYHd1o3MYgOA4U5hQ6DApshgS4UgREDVAsBAQENAQE3CgQBAYUFAoNIAiU0CQ4BAgQBAQEBAwIDAQEBAQEBAwEBBQEBAQIBBgSBCROFaA2GQwIBAxILEBMBASkOAQ8CAQgOKgECCzIlAgQBDQ0agmOCDlcDLgEOokoBgToCih94gTOBAYIIAQEGBASBOgKDURiCNwMGgTqDDoQcgwGECCccgUlEgViCNzA+gRmBSgSBRBwrgyKCLpAzAXIBLBAmBFNQfRIMKBQFEZNbi26gSgqDRZ9uFYNwpAGWQiCCJaNxAgQCBAUCDgEBBoFhO4FEDgdwFTuCaQlIGQ+OV4M6hRSFSnQCNgIGCwEBAwmQLQEB
IronPort-PHdr: A9a23:CnGFmBelycAcbDmEKX5GabgklGM/tYqcDmcuAtIPh7FPd/Gl+JLvd Aza6O52hVDEFYPc97pfiuXQvqyhPA5I4ZuIvH0YNpAZURgDhJYamgU6C5uDDkv2ZPfhcy09G pFEU1lot3G2OERYAoDwfVrX93az9jUVXB74MFkdGw==
IronPort-Data: A9a23:auLakasoIcJ9FVLy4odsR31kCOfnVOpcMUV32f8akzHdYApBsoF/q tZmKWqOO6yDMWagLt0gPY+3/RlQu5HVzdQ2SFc6/igyFXkSgMeUXt7xwmUckM+xwmwvaGo9s q3yv/GZdJhcokcxIn5BC5C5xZVG/fngqoHUVaiUakideSc+EH170Us6y7Zj6mJVqYHR7z2l6 IuaT/L3YDdJ6xYsWo7Dw/vewP/HlK2aVAIw5jTSV9gS1LPtvyV94KYkGE2EByCQrr+4sQKNb 72rILmRpgs19vq2Yz+vuu6TnkYiGtY+MeUS45Zbc/DKv/RMmsA9+ox4GtAzUl1lsmWYxvtBk edfkqf3cQh8a8UgmMxFO/VZOzt1MasD87jdLD3m6IqYzlbNdD3nxPAG4EMeZNJDvL0oRzAVs 6VEd1jhbTjb7w6y6LCwTuB2hckLJ8jwN4RZsXZlpd3cJaZ/EcCYE/uVvLe02h8Q1v12P87Eb vA7KhxOQS/KWAxxHnoYXcdWcOCAwyOXnydjgE2XpawsukDTxRZ92bvgKsGTfNGWLe1Shl2Ru W3u/mnlDFcdLtP34TuI7nynruXTliT9Xo8ZCPuz8fsCqF6Nz3EcCBs+SUG2v/i9jUj4UNVaQ 3H44QI0pqQ0sUesVNS4BkT+q3+ftRlaUN1VewEn1DywJmPvy17xLgA5ovRpN4xOWBMeLdDy6 mK0og==
IronPort-HdrOrdr: A9a23:OaeNQqhSp4NQ6RiTHLcMjwzHRnBQX2x13DAbv31ZSRFFG/FwyP rOoB1L73HJYWgqN03IwerwRJVpQRvnhPlICPoqTMiftWjdySSVxeRZjbcKrAeQYBEWmtQtsJ uIEJIORuEYb2IK9/oSiTPQe71LrbX3k9HLuQ6d9QYRcegAUdAH0+4NMHfiLqQAfng+OXNWLu v52uN34x6bPVgHZMWyAXcIG8LZocfQqZ7gaRkaQzY69Qinl1qTmf/HOind+i1bfyJEwL8k/2 SAuRf+/L+fv/ayzQKZ/3PP7q5RhMDqxrJ4dYyxY4kuW3bRYzSTFcFcso65zXQISSaUmREXee z30lUd1gJImjXsly+O0ELQMkLboUgTAjfZuC6laD3Y0JTErPZQMbsauWqfGSGpsHbI9esMoJ 5jziaXsYFaAgjHmzm479/UVwtynk7xunY6l/UP5kYvG7f2RYUh5bD3xnklW6vo3RiKnLwPAa 1rFoXR9fxWeVSVYzTQuXRu2sWlWjA2Eg2dSkYPt8SJ23wO9UoJg3cw1YgahDMN5Zg9Q55L66 DNNblpjqhHSosTYbhmDOkMTMOrAijGQA7KMmiVPVP7fZt3dk7lutry+vE49euqcJsHwN87n4 nASkpRsSood0fnGaS1rdR2G9D2MROAtBjWu7NjDqlCy8rBreDQQF6+oXgV4r6dn8k=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.88,298,1635206400"; d="scan'208,217";a="818838671"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 18 Jan 2022 20:00:19 +0000
Received: from mail.cisco.com (xbe-rcd-002.cisco.com [173.37.102.17]) by rcdn-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 20IK0Ie1026954 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Tue, 18 Jan 2022 20:00:19 GMT
Received: from xfe-rcd-003.cisco.com (173.37.227.251) by xbe-rcd-002.cisco.com (173.37.102.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Tue, 18 Jan 2022 14:00:19 -0600
Received: from xfe-rcd-001.cisco.com (173.37.227.249) by xfe-rcd-003.cisco.com (173.37.227.251) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Tue, 18 Jan 2022 14:00:18 -0600
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-001.cisco.com (173.37.227.249) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14 via Frontend Transport; Tue, 18 Jan 2022 14:00:18 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WHNnE9ASrwTvXlR28IKTMGwNGjKlEhi0WR8halWfL7kDsW964ZKE+ThzH1wqx2Bci3hx32KVKRePqdqlrhxrrMZB5dhdG6zHM9Uo+dEs5wWqEfoi5PZsHfrNAQhFsSC/srDEihuRpEBiufNMNGYua6dML3geIKwNsGFIpZ3T+mmB2z+UIUYQkTG+SMxIyWmA3eYCSh15sbyLNQEqdBaPlYsK9FBjuLWksCl2h8GJYsztXJm+InUYJuV/RckSodfKaUx6IhMNpx+A4QsZ73ZEuNPEjV6hVfA5WsOE/7LchCL5yvd1FdHO1m4h681fU2/H5s7/PdhR8yEZ2bfc1K6yqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=W7n8oYmnVilI1JZwK1S/LlH9shn+THrFUv7S/lA6l18=; b=bXewpxmhCgu2nbH24Vl1yR8AitZjZ3ZCb4Y0KwA1RORkPUh6zosGxeHwpldFqdkz+tC3eJsTFwnpGAh6NOAO2UcNDuy5uKQ90nAGcUXkvyodNKilcgFQ/dej9kFVSS313FNI7AtUjalbhaA3+DW/6R1LyI4GQFAXOQU0WhTOojky60eHk5jDaG6mQeLRtagdABymO/rn/gpQgq2/i2k4U3S15m4v4UcUqoBRfco2C2DVo23f9OMkec31hkq1fv615JXNakrNuxAkFY3Rd/GJqG4kaDMs2t62n1n1jJ849gumFhT512UD2vpNA0dcBxDi6qEeZpwWWwQMUPgy/eMNdA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W7n8oYmnVilI1JZwK1S/LlH9shn+THrFUv7S/lA6l18=; b=IU7rxDRl3LTOcGBrxoNpntgEy2tNCOOeYL3z7ixOqtve+ABDsthKa1A4dbRXQY65ltRdd8qVspl7nt/KRhSwkBoZmo6i4ZGbw1XIOdriOx2WiwQmHGQiFrjgCEJU8jjtvV7WkkiSzzzzmY7HQsomLIwOy63Y3Al4m574r5QGJUo=
Received: from BN9PR11MB5371.namprd11.prod.outlook.com (2603:10b6:408:11c::11) by CY4PR11MB1381.namprd11.prod.outlook.com (2603:10b6:903:2f::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4888.11; Tue, 18 Jan 2022 20:00:12 +0000
Received: from BN9PR11MB5371.namprd11.prod.outlook.com ([fe80::b82c:ba22:f9e0:6a8]) by BN9PR11MB5371.namprd11.prod.outlook.com ([fe80::b82c:ba22:f9e0:6a8%5]) with mapi id 15.20.4888.013; Tue, 18 Jan 2022 20:00:12 +0000
From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: Kenneth Vaughn <kvaughn@trevilon.com>, tom petch <ietfc@btconnect.com>
CC: "opsawg@ietf.org" <opsawg@ietf.org>, Wes Hardaker <wjhns1@hardakers.net>
Thread-Topic: [OPSAWG] CALL FOR ADOPTION: Transport Layer Security Verion 1.3 (TLS 1.3) Transport Model for the Simple Network Management Protocol Version 3 (SNMPv3)
Thread-Index: AQHX3WJAdwbymTOhak2O6ZI6lGf3sQ==
Date: Tue, 18 Jan 2022 20:00:12 +0000
Message-ID: <BN9PR11MB53712E1EF03FF3644B5CC048B8589@BN9PR11MB5371.namprd11.prod.outlook.com>
References: <BL1PR11MB53687965E7A0BD7C0F090073B89C9@BL1PR11MB5368.namprd11.prod.outlook.com> <BN9PR11MB537169D7B4D554A3B3C9796CB8769@BN9PR11MB5371.namprd11.prod.outlook.com> <AM7PR07MB624852B472EAFAF009EF2DE9A0789@AM7PR07MB6248.eurprd07.prod.outlook.com> <9E5FF73A-0A84-4083-A672-AE3DD254EA7A@trevilon.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 64bc05fb-0d13-4b8d-dd39-08d9dabd2322
x-ms-traffictypediagnostic: CY4PR11MB1381:EE_
x-microsoft-antispam-prvs: <CY4PR11MB138117DF57154452F4C2E42EB8589@CY4PR11MB1381.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3MU0RK9vKxcv0mSWaKEpXZmMUCs46ghfeaqeQYxsJdrl3usqVH9PzSWxRNI+RDq076N2cflm5a3Li6kReYj3d6q6SOMl3WruoIy8x0fXIgkJGsJAeGpfQa5+kdD6mSgMmsYF751RqH6ZcN+FAOXT27DOqwdM0GHug/Eeerr5lETNGOuZI6/4KLGkR6Sx9ab2LASWGUjnJpZrIOOGNmgXD0sf5P6RLNgZwN9XjupUdkjxvfAv08GWK6K3aWgR0mqVaknfJVSGaCuQzxspSyDnn4PjzmTt/PbgAVZoHSa8eQ3i5EV4c2aLwnsXNxFPmQAmcABDNPnwnlt0dboTTeEKsRHW9oINpLkeXicDPDeHLoIYonuIE1lpB5+dOuygmkpIhaVvs5tx5/wGPduGVgnO+xc2lwpQGgauAJszlNJwtNFkFFEE9m4AhP9z0nLs90Kj8f/QCo8uo+9AxscGXIrn368juUJIHsif8TleRmw4GBiowjC3sLLgXj/kbrj6wPPd7KGjS1WpVkWB2Rx40ornpTwF9zXM1NDbkJ1pIj4YRzEKR9q06VCqGy2C8NuTKUC+5Kn26EWERENSoBlKY0vBPyGahlNmOHtZaoPkwyNiAQL9TDJUcKg0iOKQGsHJcGbNXkL63moAX6xW11hjSTm6+EhYefKBflDeNCwXyNZAySBeS2nIpisJrjHNv2cM8LIrZagIcXP421JDLR+c3QOjXTSNCqrQHgDtOEHD9agn7gUz315SNNa5RMaVdxQDjmOJH5Z3i7QpOJRyWJeUbTtprG8B7ARP5yUGtK6M1IONIOc=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN9PR11MB5371.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(186003)(83380400001)(2906002)(52536014)(71200400001)(66556008)(66446008)(26005)(76116006)(66476007)(66946007)(5660300002)(122000001)(166002)(64756008)(4326008)(86362001)(91956017)(966005)(8676002)(6506007)(15650500001)(110136005)(33656002)(9686003)(38070700005)(7696005)(508600001)(8936002)(316002)(55016003)(38100700002)(53546011)(54906003)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: XeJTBUroHaYLQz6KOAxH0wm1IUvJi2tSKgf7BD+BJest+jmQYgSqvTX7XMkh99abz9X02dtlde6vZfUCFmWD/I5+HMnrw1NK0TYOHOvSZ148hr6wuZZTpVSfaFftFxadB2wm0Ia+lsTBdy2KypwwYTAGHKmpttJ0G3iTffDWA16p9px4xLGhftxtzR8SRP8ZgUbLAFmfo9JzqLElNj1TUmguD626B8D42Q34cW8O69dJj3qQ5mr1UIGPBUoN0lryPL3+qsyJv4HheEraq5AeChhsAVpftKTr9aaucEE1xczSXsmOvKp3dA0tJpoVtqdorYJ/wQzpRQohsyK08VDWdslOOV4XDxyuzI/OeA8HS3C7tF0MByBX2As7mYKer9tqe8cuVpik8zpgaN2ffIzmuoS3ZISGHvx1P3yaJAYulhIZRt7xlHKI0Sjmg20sXsgAe9I2GRxTGtpucXvQkGePMt4eaPwD5lREo2EXlvVbBQmMFp1Yz+rpDSdbF9bUB0BL6iY665CeAtbyW1FqwQYXXKO5OmcMfiGDbCuK4RYZxysaX4HOlNYwuy/LVX84lXpslG1oPgsFDIDfu7jt2NDjBR3S8zaxOr+5Oew8qG8B/cwocH/lmHXHhkt2A6VmW5f5YLts7t0VnNUDY5NvX+GGOkVYXvMNKK99cepSC7Yx8Ys84iw8AHe/WyXSpS8N3ogxM9GcEenazolZ5bDMu5/ckvwNOOeyEHeFPF/WDhguXaFnROc9QlbF+Emp7MplCijcZwgyRwIp1+sAx1BhnSfKZ5ihJyMbvyQeC9Tw0CJNceE/XdQj0EM/h+0+zgkYDPmP4EUOuVxAGIIk2FLSdcSC6cfObXpKMsKqykEn2vu55eKpe9RXTomTBXUqumddGppARwzuf77SGZpvXTuAPEpUcC2CVfYM9yq4XITrMKS2KMI2FQZAsO634f1Tlwy+zy9RdPVm+/2/ciA4fHft2bOpo/k5peYyt6Mr09WeQVmbVaRaKLdQwVu38wW9nAw6ReVmSeJZ7hPQ3syBCTDGLlE9/FkzI6Z5F74I0KjJMPasnjItlb23J/0Yh7xF2aZIXK2HO5lU77Fer6Syki5vs5GnvzHtYMzNqf/BItTAq94Bb7TyQwGIwq8l3JIa3ykQV8iOPAvc0pyImhG6IqMqX7Q0HRgXA+309TWByKnRWD6ctZ2toesOUg+bVd86CiR7fVQW1/szcHbmvo+gH7naQilEYcs2SbKyp8hyRfcc5l86SE23lsQVDU7kiD6hPQl8Tf3dkLb0RXMk06Jimr3+EsWTNRYrmEJXySPU51dWGg8IDSdDf7MQeLq4Q9L+vqaemAYO3i2QsA/e9ZbtNLD+tjD/DOSZgKIGfpxTkQmTsRO1E9j61KZ/UyNT4zucBBCLanoVg70+nMSbHa6vUouyCVEd9bSiQVKpadK/3H4FlGuuSBRjj39I8/wIqHV8EL5C8YPJZhFByBYRHd7PgIKgW57VeEXsCwCogbd9oGNuqwTou0rDeF6MesfOAzXuUchN+4S6vMKEri2go+JUl92qIG1/+doiFM7isjjWAsJUd1pxKW72Z5Z7S7I5LA9ic7A2qbq9jxCUWBbGUPp2i08z3Vm92Ii1PysDDUOePD7jlsqyUFwcC/3ksRkGtgJaop1XqjqH
Content-Type: multipart/alternative; boundary="_000_BN9PR11MB53712E1EF03FF3644B5CC048B8589BN9PR11MB5371namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN9PR11MB5371.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 64bc05fb-0d13-4b8d-dd39-08d9dabd2322
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Jan 2022 20:00:12.0766 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: qMW65AlFrVWAeK62rHFHgU2Y8XENdVI9U6emHM+fOvcNuCx6Q9JJQ71hwKAT0QzBUV7G8pHsgklyCFPELobGFw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1381
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.17, xbe-rcd-002.cisco.com
X-Outbound-Node: rcdn-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/hkzAzx647gJuXB4HypVg-8QnipU>
Subject: Re: [OPSAWG] CALL FOR ADOPTION: Transport Layer Security Verion 1.3 (TLS 1.3) Transport Model for the Simple Network Management Protocol Version 3 (SNMPv3)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jan 2022 20:00:47 -0000


On 1/5/22 09:39, Kenneth Vaughn wrote:
Tom, Joe, Wes, et al:

I propose that we address the overarching questions first as they potentially affect the entire scope of the draft. Namely:


  1.  Can we can continue to use https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 for the TLSHashAlgorithm identifier?  Doing so would greatly simplify the update and would eliminate any revision to the SNMP-TLS-TM-MIB.  I believe Joe Clarke is taking the lead to check with the registry experts to see if this can continue to be used. If so, I propose that the next I-D be changed to offer an update to RFC 6353 (rather than a new or replacement RFC). As such, the MIB would be removed, which would shorten the I-D to just a few pages.

On this topic, I reached out to the tls-reg-review experts list on this registry.  The consensus there is that the TLSHashAlgorithm registry is for TLS 1.2 and for hashes supported by TLS < 1.3.  In other words, if new hashes were to be added here, they would imply support by TLS < 1.3.  This is obviously not desired.

The suggestion was to connect with tls@ to get additional suggestions on how to move forward.


  1.  RFC 8996 (BCP 195) updated RFC 6353 with a prohibition on using (D)TLS versions prior to 1.2. What is the status of an IETF BCP? In other words, can we reference a Best Current Practice or do we restate the requirements (i.e, is a BCP considered normative text – or is it considered to be a lower precedence since it was approved through a shortened process?). I would think that a BCP is relatively informal and that we would want to formalize the rules in our document.

The BCP is very similar to a standards-track document, and you can reference it.  I also think you can restate the requirement not to use TLS < 1.2.


  1.  RFC 6353 indicated that it was "NOT RECOMMENDED" to use a non-transport-aware security model, including USM and previous versions of SNMP. However, support for USM remained a requirement (inherited from STD 62) and other comments were included regarding implementations that supported previous versions of SNMP. Given that a system is only as secure as its weakest link, what should our position be on the use and support of USM and previous versions of SNMP?

a.     Support and enablement mandatory

b.     Support mandatory; enablement silent; use not recommended (RFC 6353 for USM)

My opinion (as a contributor) would be this option (b).

Joe

v2.23.0 | Report a Bug | By Email