Re: Protocol Action: SNMP Version 2 and SNMP Security to Proposed Standard

karl@mel-brooks.empirical.com Mon, 05 April 1993 02:32 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa11493; 4 Apr 93 22:32 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa11489; 4 Apr 93 22:32 EDT
Received: from ietf.cnri.reston.va.us by CNRI.Reston.VA.US id aa21472; 4 Apr 93 22:32 EDT
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa11477; 4 Apr 93 22:32 EDT
Received: from HQ.TGV.COM by IETF.CNRI.Reston.VA.US id aa11473; 4 Apr 93 22:32 EDT
Received: from mel-brooks.empirical.com ([161.44.128.66]) by TGV.COM via INTERNET ; Sun, 4 Apr 93 19:32:28 PDT
Received: from karl.mel-brooks by mel-brooks.empirical.com (4.1/SMI-4.1) id AA08497; Sun, 4 Apr 93 19:32:37 PDT
Date: Sun, 04 Apr 1993 19:32:37 -0700
Message-Id: <9304050232.AA08497@mel-brooks.empirical.com>
To: wbn@merit.edu
cc: gvaudre@CNRI.Reston.VA.US, iesg-secretary@CNRI.Reston.VA.US, postel@isi.edu, iab@isi.edu, snmp2@thumper.bellcore.com, snmp-sec-dev@tis.com, IESG@IETF.CNRI.Reston.VA.US
In-Reply-To: Bill Norton's message of Fri, 02 Apr 93 18:52:31 -0500 <9304022352.AA09247@merit.edu>
Subject: Re: Protocol Action: SNMP Version 2 and SNMP Security to Proposed Standard
Reply-To: karl@empirical.com
X-Orig-Sender: karl@mel-brooks.empirical.com
X-Orig-Sender: iesg-request@IETF.CNRI.Reston.VA.US
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: karl@mel-brooks.empirical.com
Repository: empirical.com
Originating-Client: mel-brooks

 >   Actually,  I'd be curious to hear the answer to these questions.
 >   Besides the four implementations from the authors, are there any others
 >   that have proven interoperability? 
 >
 >   Were these "complete" implementations ( all security stuff, bulk
 >   retrievals, etc.? )

Aside from the SNMPv2 issue, which apparently has been reviewed and has
jumped through all the correct hoops...

The words "interoperating implementations" is a bit vague.  In the
case of established protocols such as Telnet we are still finding that
a significant portion of the implementations still do things wrong.
(Just try logging into a VMS system from a Sun via a command window
with scrolling enabled.)

I've seen too many folks bounce a couple of very simple structured
packets back and forth and declare the implementation to be
"interoperable."  Further, mere interoperation doesn't reflect more
than that the basic premises of the protocol may be implemented.  It
does not prove that the protocol design itself is either error-free,
that it is an efficient design, or that it is sufficiently well worked
out that it deserves to be called an Internet Standard (whether Draft,
Proposed, or Full.)

Yet waiting for full industry acceptance and commercial grade
implementations before promoting a standard is unworkable.

So I invite discussion on the issue of what level of implementation
and experience constitutes "implementation experience" adequate to
give us real confidence that we are promoting quality protocols?

That said, we ought to focus the discussion to a more limited forum.

			--karl--