Protocol Action: SNMP Version 2 and SNMP Security to Proposed Standard

[IESG Secretary <iesg-secretary@CNRI.Reston.VA.US>]

  The IESG has approved the SNMP Version 2 and SNMP Security Protocols
  as a Proposed Standard. These protocols are the product of the SNMP
  Version 2 Working Group and the SNMP Security Working Group. The IESG
  contact person is Steve Crocker.

  This proposed standard is defined in the following documents:

 o "Introduction to version 2 of the Internet-standard Network
   Management Framework" <draft-ietf-snmpv2-intro-06.txt>.

 o "Coexistence between version 1 and version 2 of the Network
   Management Framework" <draft-ietf-snmpv2-coex-06.txt>

 o "Conformance Statements for version 2 of the Simple Network
   Management Protocol (SNMPv2)" <draft-ietf-snmpv2-conf-03.txt>

 o "Management Information Base for version 2 of the Simple Network
   Management Protocol (SNMPv2)" <draft-ietf-snmpv2-mib-06.txt>

 o "Manager to Manager Management Information Base"
   <draft-ietf-snmpv2-m2m-06.txt>

 o "Protocol Operations for version 2 of the Simple Network Management
   Protocol (SNMPv2)"

 o "Structure of Management Information for version 2 of the Simple
   Network Management Protocol (SNMPv2)" <draft-ietf-snmpv2-smi-06.txt>

 o "Textual Conventions for version 2 of the Simple Network Management
   Protocol (SNMPv2)" <draft-ietf-snmpv2-tc-06.txt>

 o "Transport Mappings for version 2 of the Simple Network Management
   Protocol (SNMPv2)" <draft-ietf-snmpv2-tm-07.txt>

 o "Administrative Model for version 2 of the Simple Network Management
   Protocol (SNMPv2)" <draft-ietf-snmpsec-adminv2-03.txt>

 o "Party MIB for version 2 of the Simple Network Management Protocol
   (SNMPv2)" <draft-ietf-snmpsec-partyv2-03.txt>

 o "Security Protocols for  version 2 of the Simple Network Management
   Protocol (SNMPv2)"  <draft-ietf-snmpsec-secv2-03.txt>

 The SNMP Security Protocols for SNMP Version 2 replace the SNMP
 Security Protocols defined which have been reclassified as Historic.
 The following documents are now Historic:

 o SNMP Administrative Model <RFC1351>

 o SNMP Security Protocols <RFC1352>

 o Definitions of Managed Objects for Administration of SNMP Parties
   <RFC 1353>

Introduction

   In March '92, the IESG issued a call for proposals on evolving the
   Internet-standard Network Management Framework.  In response to the IESG
   call, the SMP proposal was issued in July '92.  Later that month at the
   Cambridge meeting of the IETF, a BOF was held with over 200 persons in
   attendance.

   There was near-unanimous consensus that:
        - a near-term deadline would be set for other proposals;
        - in the absence of other proposals, SMP should be the basis for
          the evolution;
        - a new working group would be formed to take SMP and develop it
          into SNMP version 2 (SNMPv2);
        - the SNMP Security working group would be re-activated to align
          the SNMP security work with SNMPv2; and,
        - this work would be done on an accelerated schedule.

   The SNMPv2 and SNMP Security working groups have now completed their
   work.

Technical Summary
 
   SNMPv2 consists of several thrusts:
        - incorporation of SNMP Security with several improvements, based on
          implementation experience;
        - incorporation of bulk-retrieval and manager to manager operations;
        - refinement of the set operation based on implementation experience;
        - definition of additional data types and formalisms based on
          implementation experience;
        - transport service independence: mappings for SNMPv2 over several
          transports are defined (these mappings are aligned with the output
          of the multi-protocol SNMPv1 working group); and,
        - recording the unwritten rules of SNMP -- those rules which are
          accepted practice but, for one reason or another, were never
          documented.

   Throughout the design process, coexistence with the existing
   framework was given substantive attention.  Many design decisions
   were made by favoring coexistence over other goals.

   All 12 documents have the same editor, and there are six authors.
   The editor has ensured that the documents are consistent with one
   another.

   The three security-related documents (ADMIN, SEC, and PARTY) are
   largely identical to RFCs 1351-1353, which are Proposed Standards.
   Unfortunately, the writing clarity of some of these documents (RFCs
   1351/1352 and the two corresponding SNMPv2 documents, ADMIN and SEC)
   prevents them from being as readable as desired.  However, due to
   the pressing need to complete this work, a non-technical re-write of
   these three documents is not scheduled until after all documents
   re-enter the standards track, i.e., between the time the documents
   are published as Proposed Standards and the time they are evaluated
   for promotion to Draft Standards.  This schedule for a non-technical
   re-write is identical to the one adopted at the time RFCs 1351-1353
   were originally published.  (A non-technical re-write would
   necessitate at least a two month review period by the working group,
   a delay which would be contrary to the overwhelming consensus of the
   July 1992 IETF meeting.)

Working Group Summary

   The documents have been developed by both the SNMPv2 and SNMP
   Security working groups.  The current version of the documents have
   been available since at least January 1993 and represent the broad,
   but not unanimous, consensus of the working groups.

Protocol Quality
 
 (Who has reviewed the spec for the IESG? Are there implementations?)
 

 
   The documents meet all the requirements for entry into the standards
   track as Proposed Standards as specified in RFC 1310, i.e.,

   - RFC 1310 requires that the specifications be generally stable: and
     the SNMPv2 specification has been stable since at least January,
     1993.

   - RFC 1310 requires that the known design choices be resolved: and
     this was met through the working groups' deliberations, including
     the working groups having made choices about consideration of
     lengthy expositions of alternative design choices introduced in late
     in the process.

   - RFC 1310 requires that the documents be believed to be
     well-understood: the existence of at least one interoperable
     implementation by implementors who were not authors of the
     specifications is evidence that this requirement has been met and
     that the specifications are understandable and understood.

   - The documents are in an area of high visibility and interest and
     have received the requisite significant community review.  There
     can be no doubt that there is sufficient community interest and
     expression of value, as evidenced by the overwhelming support
     expressed in the July 1992 IETF meeting.

   - RFC 1310 requires that there be no known technical omissions with
     respect to the requirements placed upon it and there are none
     known.  The specifications are aided in this regard by their
     heritage.  Nine of the twelve documents are descendant of RFCs
     1155, 1157, 1212, 1215, 1303, and others, with which there is
     strong implementation and operational experience which guided the
     revisions.  Three of the twelve documents are direct descendants
     from RFCs 1351-1353 and benefit from that experience base.  As is
     sometimes required of specifications which materially affect the
     core Internet protocols, those documents underwent an extensive
     additional review before their original publication last year,
     resulting in a delay of six months after they were originally
     completed by the working group.  Although the security portions of
     SNMPv2 are slightly different than RFCs 1351-1353, an additional
     delay in order to obtain further security review is inappropriate
     at this time because such a delay is unlikely to be fruitful.  The
     past security review did not uncover problems which were later
     uncovered through implementation and deployment.  Furthermore, the
     IAB's security expertise and the SAAG have already been repeatedly
     invited to review and provide comments on the changes in the
     security aspects which were first identified in July, 1992.  No
     problems have been identified nor have any suggested changes have
     been forwarded to date as a result of these invitations.  As a
     result, implementation and deployment of SNMPv2 as a Proposed
     Standard is a more productive method of security review than
     another delay of six months.

   Finally, according to RFC 1310, implementation experience is not
   required of Proposed Standards, although highly desirable.  As of
   this writing, five independent, interoperable implementations are
   known to exist.  The fifth was produced by an implementor who is not
   an author of any of these documents.  Other implementations are
   underway.  Two of the current implementations will be made
   openly-available as reference implementations.