Re: [P2PSIP] [OPSAWG] We have submitted a drafts on SNMP usages for P2P networks. We would like to get some suggestions from SNMP experts on the scenario and design for P2P network management. The link to the draft is in the body of this email. thanks!
peng.yonglin@zte.com.cn Fri, 08 July 2011 03:37 UTC
Return-Path: <peng.yonglin@zte.com.cn>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02A1B21F886D; Thu, 7 Jul 2011 20:37:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -90.19
X-Spam-Level:
X-Spam-Status: No, score=-90.19 tagged_above=-999 required=5 tests=[BAYES_50=0.001, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_DOUBLE_IP_LOOSE=0.76, SARE_SUB_ENC_GB2312=1.345, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WvCnopCP6ZYw; Thu, 7 Jul 2011 20:36:59 -0700 (PDT)
Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 6333621F886B; Thu, 7 Jul 2011 20:36:58 -0700 (PDT)
Received: from [10.30.17.99] by mx5.zte.com.cn with surfront esmtp id 131323465113155; Fri, 8 Jul 2011 11:31:52 +0800 (CST)
Received: from [10.30.3.21] by [192.168.168.15] with StormMail ESMTP id 13796.3672386229; Fri, 8 Jul 2011 11:36:37 +0800 (CST)
Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse02.zte.com.cn with ESMTP id p683aUnd052034; Fri, 8 Jul 2011 11:36:30 +0800 (GMT-8) (envelope-from peng.yonglin@zte.com.cn)
To: Randy Presuhn <randy_presuhn@mindspring.com>
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.4 March 27, 2005
Message-ID: <OF3E0D0F61.61CE01FD-ON482578C7.0010D18A-482578C7.0013D6D6@zte.com.cn>
From: peng.yonglin@zte.com.cn
Date: Fri, 08 Jul 2011 11:36:26 +0800
X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2011-07-08 11:36:32, Serialize complete at 2011-07-08 11:36:32
Content-Type: multipart/alternative; boundary="=_alternative 0013D6D2482578C7_="
X-MAIL: mse02.zte.com.cn p683aUnd052034
Cc: p2psip@ietf.org, hao.zhenwu@zte.com.cn, meng.yu@zte.com.cn, opsawg@ietf.org
Subject: Re: [P2PSIP] [OPSAWG] We have submitted a drafts on SNMP usages for P2P networks. We would like to get some suggestions from SNMP experts on the scenario and design for P2P network management. The link to the draft is in the body of this email. thanks!
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2011 03:37:00 -0000
Hi, thank you for your suggestions very much. The way of notification is the same as SNMP, which is implemented by Trap. Our security considations are as follows: There are three solutions to the security problem in SNMP Usage for RELOAD. The first option is shared key based solution, which is SNMPv3 security solution (USM). The second option is PKI based security solution, which is to use the certificate of RELOAD to authenticate and encrypt the SNMP messages. The third option is DTLS based security solution, which uses the secure DTLS links to transfer the SNMP message. The second and third options aren’t supported by current SNMP manager and agent, and need large changes. So we recommend the first option. But it’s difficult to distribute securely the keys to large numbers of agents in the SNMP security solution. In this document, we distribute the key to each agent by the certificate mechanism of RELOAD. ************************************************* 邮 件:peng.yonglin@zte.com.cn 内 线:81543 外 线:025-52871543 手 机:13776637274 传 真:025-52872187 ************************************************* "Randy Presuhn" <randy_presuhn@mindspring.com> 发件人: opsawg-bounces@ietf.org 2011-06-10 01:16 收件人 <opsawg@ietf.org> 抄送 主题 Re: [OPSAWG] We have submitted a drafts on SNMP usages for P2P networks. We would like to get some suggestions from SNMP experts on the scenario and design for P2P network management. The link to the draft is in the body of this email. thanks! Hi - > From: <peng.yonglin@zte.com.cn> > To: <opsawg@ietf.org> > Cc: <hao.zhenwu@zte.com.cn> > Sent: Wednesday, June 08, 2011 8:43 PM > Subject: [OPSAWG] We have submitted a drafts on SNMP usages for P2P networks. We would like to get some suggestions from SNMP experts on the scenario and design for P2P network management. The link to the draft is in the body of this email. thanks! > > http://tools.ietf.org/id/draft-peng-p2psip-snmp-01.txt ... Skimming the draft, it was unclear to me how a few details would work in this approach. I think it would be helpful to explicitly talk about (1) how notifications are intended to work (2) key provisioning (indeed, provisioning in general) (3) what security model is in use I *think* it might be helpful to treat this as a new transport model, but you'll need to think through just how authentication and privacy are to be handled (e.g., is it just USM atop RELOAD, or does RELOAD provide the security services?). This decision may interract with how, for example, notification and Disman targets are configured. In particular, consider whether you need to support the case where only *some* of the SNMP interractions between two systems are carried via RELOAD. Randy _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg -------------------------------------------------------- ZTE Information Security Notice: The information contained in this mail is solely property of the sender's organization. This mail communication is confidential. Recipients named above are obligated to maintain secrecy and are not permitted to disclose the contents of this communication to others. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the originator of the message. Any views expressed in this message are those of the individual sender. This message has been scanned for viruses and Spam by ZTE Anti-Spam system.
- Re: [P2PSIP] [OPSAWG] We have submitted a drafts … peng.yonglin
- Re: [P2PSIP] [OPSAWG] We have submitted a drafts … Juergen Schoenwaelder
- [P2PSIP] 答复: Re: [OPSAWG] We have submitted a dra… peng.yonglin
- Re: [P2PSIP] 答复: Re: [OPSAWG] We have submitted a… Juergen Schoenwaelder
- [P2PSIP] 答复: Re: 答复: Re: [OPSAWG] We have submitt… peng.yonglin