Protocol Action: SNMP Version 2 and SNMP Security to Proposed Standard
IESG Secretary <iesg-secretary@CNRI.Reston.VA.US> Fri, 02 April 1993 14:09 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa02111; 2 Apr 93 9:09 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa02105; 2 Apr 93 9:09 EST
Received: from ietf.cnri.reston.va.us by CNRI.Reston.VA.US id aa07066; 2 Apr 93 9:09 EST
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa02088; 2 Apr 93 9:08 EST
Received: from [127.0.0.1] by IETF.CNRI.Reston.VA.US id aa02084; 2 Apr 93 9:08 EST
To: IETF-Announce:;
Cc: Jon Postel -- RFC Editor <postel@isi.edu>
Cc: Internet Architecture Board <iab@isi.edu>
Cc: snmp2@thumper.bellcore.com
Cc: snmp-sec-dev@tis.com
Cc: The Internet Engineering Steering Group <IESG@IETF.CNRI.Reston.VA.US>
X-Orig-Sender: iesg-request@IETF.CNRI.Reston.VA.US
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: IESG Secretary <iesg-secretary@CNRI.Reston.VA.US>
Subject: Protocol Action: SNMP Version 2 and SNMP Security to Proposed Standard
Date: Fri, 02 Apr 1993 09:08:43 -0500
X-Orig-Sender: gvaudre@CNRI.Reston.VA.US
Message-ID: <9304020908.aa02084@IETF.CNRI.Reston.VA.US>
The IESG has approved the SNMP Version 2 and SNMP Security Protocols as a Proposed Standard. These protocols are the product of the SNMP Version 2 Working Group and the SNMP Security Working Group. The IESG contact person is Steve Crocker. This proposed standard is defined in the following documents: o "Introduction to version 2 of the Internet-standard Network Management Framework" <draft-ietf-snmpv2-intro-06.txt>. o "Coexistence between version 1 and version 2 of the Network Management Framework" <draft-ietf-snmpv2-coex-06.txt> o "Conformance Statements for version 2 of the Simple Network Management Protocol (SNMPv2)" <draft-ietf-snmpv2-conf-03.txt> o "Management Information Base for version 2 of the Simple Network Management Protocol (SNMPv2)" <draft-ietf-snmpv2-mib-06.txt> o "Manager to Manager Management Information Base" <draft-ietf-snmpv2-m2m-06.txt> o "Protocol Operations for version 2 of the Simple Network Management Protocol (SNMPv2)" o "Structure of Management Information for version 2 of the Simple Network Management Protocol (SNMPv2)" <draft-ietf-snmpv2-smi-06.txt> o "Textual Conventions for version 2 of the Simple Network Management Protocol (SNMPv2)" <draft-ietf-snmpv2-tc-06.txt> o "Transport Mappings for version 2 of the Simple Network Management Protocol (SNMPv2)" <draft-ietf-snmpv2-tm-07.txt> o "Administrative Model for version 2 of the Simple Network Management Protocol (SNMPv2)" <draft-ietf-snmpsec-adminv2-03.txt> o "Party MIB for version 2 of the Simple Network Management Protocol (SNMPv2)" <draft-ietf-snmpsec-partyv2-03.txt> o "Security Protocols for version 2 of the Simple Network Management Protocol (SNMPv2)" <draft-ietf-snmpsec-secv2-03.txt> The SNMP Security Protocols for SNMP Version 2 replace the SNMP Security Protocols defined which have been reclassified as Historic. The following documents are now Historic: o SNMP Administrative Model <RFC1351> o SNMP Security Protocols <RFC1352> o Definitions of Managed Objects for Administration of SNMP Parties <RFC 1353> Introduction In March '92, the IESG issued a call for proposals on evolving the Internet-standard Network Management Framework. In response to the IESG call, the SMP proposal was issued in July '92. Later that month at the Cambridge meeting of the IETF, a BOF was held with over 200 persons in attendance. There was near-unanimous consensus that: - a near-term deadline would be set for other proposals; - in the absence of other proposals, SMP should be the basis for the evolution; - a new working group would be formed to take SMP and develop it into SNMP version 2 (SNMPv2); - the SNMP Security working group would be re-activated to align the SNMP security work with SNMPv2; and, - this work would be done on an accelerated schedule. The SNMPv2 and SNMP Security working groups have now completed their work. Technical Summary SNMPv2 consists of several thrusts: - incorporation of SNMP Security with several improvements, based on implementation experience; - incorporation of bulk-retrieval and manager to manager operations; - refinement of the set operation based on implementation experience; - definition of additional data types and formalisms based on implementation experience; - transport service independence: mappings for SNMPv2 over several transports are defined (these mappings are aligned with the output of the multi-protocol SNMPv1 working group); and, - recording the unwritten rules of SNMP -- those rules which are accepted practice but, for one reason or another, were never documented. Throughout the design process, coexistence with the existing framework was given substantive attention. Many design decisions were made by favoring coexistence over other goals. All 12 documents have the same editor, and there are six authors. The editor has ensured that the documents are consistent with one another. The three security-related documents (ADMIN, SEC, and PARTY) are largely identical to RFCs 1351-1353, which are Proposed Standards. Unfortunately, the writing clarity of some of these documents (RFCs 1351/1352 and the two corresponding SNMPv2 documents, ADMIN and SEC) prevents them from being as readable as desired. However, due to the pressing need to complete this work, a non-technical re-write of these three documents is not scheduled until after all documents re-enter the standards track, i.e., between the time the documents are published as Proposed Standards and the time they are evaluated for promotion to Draft Standards. This schedule for a non-technical re-write is identical to the one adopted at the time RFCs 1351-1353 were originally published. (A non-technical re-write would necessitate at least a two month review period by the working group, a delay which would be contrary to the overwhelming consensus of the July 1992 IETF meeting.) Working Group Summary The documents have been developed by both the SNMPv2 and SNMP Security working groups. The current version of the documents have been available since at least January 1993 and represent the broad, but not unanimous, consensus of the working groups. Protocol Quality (Who has reviewed the spec for the IESG? Are there implementations?) The documents meet all the requirements for entry into the standards track as Proposed Standards as specified in RFC 1310, i.e., - RFC 1310 requires that the specifications be generally stable: and the SNMPv2 specification has been stable since at least January, 1993. - RFC 1310 requires that the known design choices be resolved: and this was met through the working groups' deliberations, including the working groups having made choices about consideration of lengthy expositions of alternative design choices introduced in late in the process. - RFC 1310 requires that the documents be believed to be well-understood: the existence of at least one interoperable implementation by implementors who were not authors of the specifications is evidence that this requirement has been met and that the specifications are understandable and understood. - The documents are in an area of high visibility and interest and have received the requisite significant community review. There can be no doubt that there is sufficient community interest and expression of value, as evidenced by the overwhelming support expressed in the July 1992 IETF meeting. - RFC 1310 requires that there be no known technical omissions with respect to the requirements placed upon it and there are none known. The specifications are aided in this regard by their heritage. Nine of the twelve documents are descendant of RFCs 1155, 1157, 1212, 1215, 1303, and others, with which there is strong implementation and operational experience which guided the revisions. Three of the twelve documents are direct descendants from RFCs 1351-1353 and benefit from that experience base. As is sometimes required of specifications which materially affect the core Internet protocols, those documents underwent an extensive additional review before their original publication last year, resulting in a delay of six months after they were originally completed by the working group. Although the security portions of SNMPv2 are slightly different than RFCs 1351-1353, an additional delay in order to obtain further security review is inappropriate at this time because such a delay is unlikely to be fruitful. The past security review did not uncover problems which were later uncovered through implementation and deployment. Furthermore, the IAB's security expertise and the SAAG have already been repeatedly invited to review and provide comments on the changes in the security aspects which were first identified in July, 1992. No problems have been identified nor have any suggested changes have been forwarded to date as a result of these invitations. As a result, implementation and deployment of SNMPv2 as a Proposed Standard is a more productive method of security review than another delay of six months. Finally, according to RFC 1310, implementation experience is not required of Proposed Standards, although highly desirable. As of this writing, five independent, interoperable implementations are known to exist. The fifth was produced by an implementor who is not an author of any of these documents. Other implementations are underway. Two of the current implementations will be made openly-available as reference implementations.
- Protocol Action: SNMP Version 2 and SNMP Security… IESG Secretary
- Re: Protocol Action: SNMP Version 2 and SNMP Secu… karl
- Re: Protocol Action: SNMP Version 2 and SNMP Secu… Greg Vaudreuil
- Re: Protocol Action: SNMP Version 2 and SNMP Secu… Bill Norton
- Re: Protocol Action: SNMP Version 2 and SNMP Secu… Stephen D Crocker
- Re: Protocol Action: SNMP Version 2 and SNMP Secu… karl