[Secdispatch] TLSTM Update Draft

Kenneth Vaughn <kvaughn@trevilon.com> Mon, 29 March 2021 20:59 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/ZQOQWCJKcdnVKH51eUP72QbTf1M>


I would like to present https://datatracker.ietf.org/doc/draft-vaughn-tlstm-update/

This document is a proposal to update RFC 6353 (TLS Transport Model for SNMP) to reflect the needs of TLS 1.3.

As a little bit of background, SNMP is widely used within Intelligent Transportation Systems (ITS) to monitor, manage and control field devices, as defined in the National Transportation Communication for ITS Protocols (NTCIP) standards, ISO standards, and specifications in the United Kingdom. As you may know, CISA has declared the transportation infrastructure to be “critical infrastructure”, and the ITS community is very interested in ensuring that this infrastructure is adequately protected, especially as these systems are increasingly relied upon by modern connected vehicles. 

RFC 6353 defines how to use (D)TLS 1.2 authentication to control data access within SNMP. Unfortunately, its design is not entirely compatible with TLS 1.3. As such, the ITS community is interested in producing an update to RFC 6353 and believes it would be in everyone's best interests to produce this document as an IETF publication, assuming that its development can proceed in a timely manner. 

In an effort to promote further discussion on this topic, the NTCIP and ISO communities have requested that I reach out to the IETF to initiate a conversation on this topic, and I have been informed that this email list is the appropriate location to start such discussions. There is also a presentation available at https://trevilon.com/download/RFC6353Proposal.pptx that explains the motivation behind this update proposal.

Many thanks for your consideration, and I look forward to our future discussions. Please let me know if you have any questions.

Ken Vaughn
Trevilon LLC