Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tlstm-update-03.txt

Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de> Thu, 05 May 2022 15:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/xN5yJe3w_INdWf1rdam_X2AHayY>

Before I go and check the details...

   [...] TLSTMv1.3 MUST only be used with
   (D)TLS version 1.2 and later.

What does this MUST tell me? There is no definition of TLSTMv1.3 nor
do we version MIB modules. I understand the intention of the statement
but we need to be more careful about the wording.

And what about this:

   [...] In addition, a new entry
   MUST be added to the SNMP-TLSTM HashAlgorithm Registry every time a
   new hash algorithm is approved for any version of TLS or DTLS.

Why would that be a MUST? The SnmpTLSFingerprint is used by the MIB
module to hash certificates and as such this hashing has nothing to do
with any TLS internal use of hash algorithms. The reuse of the TLS
hash registry back then was a matter of convenience, not a matter of
having a strong binding to the TLS internal usage of hash algorithms.

/js

On Thu, May 05, 2022 at 10:09:45AM -0500, Kenneth Vaughn wrote:
> I have uploaded a new version of the "Updates to the TLS Transport Model for SNMP". This version includes the following changes:
> - Changed the name of the registry to the SNMP-TLSTM registry
> - Updated reference to DTLS 1.3 to reflect the publication of RFC 9147
> - Clarified the first paragraph of Conventions to indicate that references to TLS, DTLS, (D)TLS, and TLSTM are version neutral except where specific versions need to be cited.
> - Changed "SNMPv3" to "SNMP" in several locations where the specific version reference was unnecessary with our convention statement
> - Indicated that Additional Rules for TLS 1.3 "may additionally apply to future versions of TLS"
> The document has been through several review cycles and has also been vetted by the TLS WG. At this point, changes are primarily editorial and I believe it is stable enough to proceed to the next step of the approval process.
> 
> Regards,
> Ken Vaughn
> 
> Trevilon LLC
> 6606 FM 1488 RD #148-503
> Magnolia, TX 77354
> +1-936-647-1910
> +1-571-331-5670 cell
> kvaughn@trevilon.com
> www.trevilon.com
> 
> > On May 5, 2022, at 10:07 AM, internet-drafts@ietf.org wrote:
> > 
> > 
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Operations and Management Area Working Group WG of the IETF.
> > 
> >        Title           : Updates to the TLS Transport Model for SNMP
> >        Author          : Kenneth Vaughn
> >        Filename        : draft-ietf-opsawg-tlstm-update-03.txt
> >        Pages           : 30
> >        Date            : 2022-05-05
> > 
> > Abstract:
> >   This document updates the TLS Transport Model (TLSTM), as defined in
> >   RFC 6353, to reflect changes necessary to support Transport Layer
> >   Security Version 1.3 (TLS 1.3) and Datagram Transport Layer Security
> >   Version 1.3 (DTLS 1.3), which are jointly known as "(D)TLS 1.3".
> >   This document is compatible with (D)TLS 1.2 and is intended to be
> >   compatible with future versions of SNMP and (D)TLS.
> > 
> >   This document updates the SNMP-TLS-TM-MIB as defined in RFC 6353.
> > 
> > 
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-opsawg-tlstm-update/
> > 
> > There is also an HTML version available at:
> > https://www.ietf.org/archive/id/draft-ietf-opsawg-tlstm-update-03.html
> > 
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tlstm-update-03
> > 
> > 
> > Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> > 
> > 
> > _______________________________________________
> > OPSAWG mailing list
> > OPSAWG@ietf.org
> > https://www.ietf.org/mailman/listinfo/opsawg
> > 
> 



-- 
Jürgen Schönwälder              Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
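
The fingerprint point raised in the message above, as an added example that is not part of the original mail or of the draft: it assumes the RFC 6353 SnmpTLSFingerprint layout (a one-octet hash algorithm identifier, numbered as in the RFC 5246 HashAlgorithm registry, followed by the hash of the certificate) and shows that checking a fingerprint needs only the certificate bytes and that octet, not anything negotiated in the (D)TLS handshake. The function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

# Algorithm octets as numbered in the RFC 5246 HashAlgorithm registry.
HASH_IDS = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_CERT_DER = bytes.fromhex("3082010a0282010100") + b"constructed-sample" * 4


def make_fingerprint(cert_der: bytes, alg_id: int) -> bytes:
    """Build the fingerprint: algorithm octet followed by hash(cert_der)."""
    if alg_id not in HASH_IDS:
        raise ValueError(f"unsupported hash algorithm id {alg_id}")
    return bytes([alg_id]) + hashlib.new(HASH_IDS[alg_id], cert_der).digest()


def parse_fingerprint(fp: bytes):
    """Split a fingerprint into (hash name, digest) and validate its length."""
    if len(fp) < 2:
        raise ValueError("fingerprint too short")
    name = HASH_IDS.get(fp[0])
    if name is None:
        raise ValueError(f"unknown hash algorithm id {fp[0]}")
    digest = fp[1:]
    if len(digest) != hashlib.new(name).digest_size:
        raise ValueError("digest length does not match the algorithm octet")
    return name, digest


def matches(fp: bytes, cert_der: bytes) -> bool:
    """True if cert_der hashes to the configured fingerprint.

    The hash is selected by the fingerprint's own first octet, so the
    result is the same whatever hash the TLS session itself uses.
    """
    name, digest = parse_fingerprint(fp)
    actual = hashlib.new(name, cert_der).digest()
    return hmac.compare_digest(actual, digest)  # constant-time comparison


if __name__ == "__main__":
    fp = make_fingerprint(SAMPLE_CERT_DER, 4)  # 4 = sha256
    print(fp.hex(), matches(fp, SAMPLE_CERT_DER))
```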