
Re: ISMS working group and charter problems

2005-09-08 08:24:04

BTW, nothing about your note explains to me why you think that this 
mechanism should be defined in a Security area WG that is working on a 
completely separable problem.

The intent of ISMS is for SNMP to share common security infrastructure,
and in particular, common security infrastructures which are
session-based.  So, ISMS has decided that "session-based security" is
needed, which is an architectural departure from the "datagram-based
security" previously specified by the Net Mgmt Area (to see why, see **
below.)

Therefore, I suggest the problem is only *partially* separable.
Call-Home involves two issues:  1) the passing through
Firewalls/whatever issue which is completely separable, and 2) the
session v. datagram issue which is not separable.  Specifically, the
non-separable part is about who sets up the session, and what types of
messages can be sent on a session which was set up by a device
calling-home.

If you really think that defining call
home for SNMP is something that the IETF should do, I would encourage
you to get together with Eliot and request a BOF in the OPS area.

That's because I haven't formed an opinion on it. My main point
is that this doesn't seem to me to be any sort of wildly divergent
architectural proposition, at least on the front of who "initiates"
a connection.  As Harald pointed out, I really can't see how you'd
prevent some industrious developers from using SNMP in this way
regardless of how the working group is chartered, and from that
standpoint it might be better to get ahead of the ball on it if
it were inevitable, and it does seem to have a fair number of
security considerations.

Exactly.

My concerns with the charter are:

1. that if the charter declares Call-Home as out-of-scope, then there
will be technical/architectural issues which are relevant but cannot
be discussed because they are out-of-scope, and

2. consequently, the decisions made might well end up such that they
cannot even be extended later to support Call-Home.

3. and if so, nobody will want to define (at a later date) yet another
SNMP Security Model even if that is the only way to support Call-Home.

Keith.


** In "session-based security", only one SNMP user can use the session
at a time.  In contrast, the current SNMP architecture assumes
"datagram-based security", in which security is carried in every SNMP
message independent of any session/connection.  Consider that RFC 3430
(SNMP-over-TCP) says:

   It is RECOMMENDED that implementors consider the security features as
   provided by the SNMPv3 framework in order to provide SNMP security.
   Specifically, the use of the User-based Security Model STD 62, RFC
   3414 [10] and the View-based Access Control Model STD 62, RFC 3415
   [11] is RECOMMENDED.

In USM, each message has its own security, e.g., two different SNMP
users can be using the same TCP connection at the same time.  ISMS's
proposal for SNMP-over-SSH will require all SNMP messages on one SSH
session to be for the same SNMP user.

Also remember that the security parameters of a USM message are
dependent on the PDU type contained in the message (specifically,
whether the sender or receiver is "authoritative").  So, "what types
of messages can be sent on a session which was set up by a device
calling-home" is both a security and an architectural issue.
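An added illustration of the two points in the footnote above; this is not code from Keith's message, from ISMS, or from any SNMP implementation. It models (1) the datagram model, in which every message carries its own user name and its own per-message authentication (modelled here as HMAC-SHA1 truncated to 12 bytes, the shape of usmHMACSHAAuthProtocol), so two users can interleave on one transport connection, against a session-bound model in which the user is fixed when the session is authenticated; and (2) the RFC 3414 rule that the receiver is authoritative for PDUs that expect a response and the sender for those that do not, so which engine is authoritative is decided by the PDU type and not by who initiated the transport. User names, keys, OIDs and the message layout are constructed for the example; real USM derives localized keys from a passphrase and the authoritative engineID and encodes messages in BER.

```python
import hmac
import hashlib

# Constructed per-user localized keys (hypothetical values for this example).
USER_KEYS = {"alice": b"alice-localized-key", "bob": b"bob-localized-key"}

# RFC 3414 section 1.5.1 (paraphrased): a PDU that expects a response makes
# the receiver authoritative; a PDU that does not makes the sender authoritative.
REQUEST_PDUS = {"Get", "GetNext", "GetBulk", "Set", "Inform"}
UNCONFIRMED_PDUS = {"Response", "Report", "Trap"}


def authoritative_side(pdu_type):
    """Return 'receiver' or 'sender' depending only on the PDU type."""
    if pdu_type in REQUEST_PDUS:
        return "receiver"
    if pdu_type in UNCONFIRMED_PDUS:
        return "sender"
    raise ValueError(f"unknown PDU type {pdu_type!r}")


def authoritative_engine(sender, pdu_type):
    """Which engine's ID/boots/time the message must carry ('agent' or
    'manager'), given who sends it.  Note that who opened the transport
    connection does not appear here at all."""
    receiver = "manager" if sender == "agent" else "agent"
    return sender if authoritative_side(pdu_type) == "sender" else receiver


def _authenticated_bytes(user, pdu_type, body):
    # Constructed wire layout; real USM authenticates the whole BER message.
    return f"{user}|{pdu_type}|{body}".encode()


def make_usm_message(user, pdu_type, body):
    """Datagram model: each message names its user and carries its own MAC."""
    mac = hmac.new(USER_KEYS[user], _authenticated_bytes(user, pdu_type, body),
                   hashlib.sha1).digest()[:12]  # HMAC-SHA-96 style truncation
    return {"user": user, "pdu": pdu_type, "body": body, "mac": mac}


def usm_check(msg):
    """Validate one message on its own; no connection state is consulted,
    so any known user may appear on any transport connection."""
    key = USER_KEYS.get(msg["user"])
    if key is None:
        return False
    expected = hmac.new(key, _authenticated_bytes(msg["user"], msg["pdu"], msg["body"]),
                        hashlib.sha1).digest()[:12]
    return hmac.compare_digest(expected, msg["mac"])


class SessionBoundChannel:
    """Session model (as in SNMP over SSH): the user is fixed when the session
    is authenticated and messages are not individually authenticated, so a
    message for any other user cannot be accepted on this session."""

    def __init__(self, session_user):
        self.session_user = session_user

    def accept(self, msg):
        return msg["user"] == self.session_user


if __name__ == "__main__":
    # Two users sharing one TCP connection: fine under USM, not under a session.
    get_from_alice = make_usm_message("alice", "Get", "1.3.6.1.2.1.1.1.0")
    set_from_bob = make_usm_message("bob", "Set", "1.3.6.1.2.1.1.5.0=router1")
    print("USM accepts alice, bob:", usm_check(get_from_alice), usm_check(set_from_bob))
    ssh_session = SessionBoundChannel("alice")
    print("session accepts alice, bob:",
          ssh_session.accept(get_from_alice), ssh_session.accept(set_from_bob))
    # On a session the agent opened by calling home, the authoritative engine
    # still flips with the PDU type: Get from manager -> agent; Inform from
    # agent -> manager; Trap from agent -> agent.
    for sender, pdu in [("manager", "Get"), ("agent", "Inform"), ("agent", "Trap")]:
        print(sender, pdu, "->", authoritative_engine(sender, pdu), "authoritative")
```

Running the script shows the two checks diverging on the same pair of messages, and that a call-home session carrying an Inform from the device makes the manager the authoritative engine, while a Get from the manager on the same session makes the device authoritative; that is the per-PDU dependency Keith points at when he says message types on a called-home session are a security question, not just a firewall one.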

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf