Margaret,
None of this seems very material to the ISMS discussion, though...
Today SNMP (whether it is running over UDP or TCP) doesn't have the
call home feature. Do you really think it is reasonable to tie the
addition of that feature to the definition of a new security
mechanism for the existing SNMP protocol? If so, why?
Today's SNMP (whether it is running over UDP or TCP) has datagram-based
security (or no security). What the ISMS WG is proposing to do is to
introduce session-based security. The definition of session-based
security will need to decide how to tie the security in one direction
with the security in the other direction, and the factors involved in
such a tie include a subset of the requirements for Call Home.
IMO, we need to try to do our work in manageable chunks in the right
groups/areas. A security area working group working on a new
security mechanism for the existing SNMP model is one chunk. Perhaps
an OPS area WG working on an optional SNMP call home mechanism is
another...? I don't see how the level of change/disruption to the
vendor community is substantially affected by whether these two
separate mechanisms are defined in one IETF working group or two.
If there are going to be two WGs, then the split between them needs to
be non-overlapping. With the split you propose, there is a common
subset of the two, and if the common subset is defined in different WGs,
they are likely to make incompatible decisions, i.e., the Call Home
won't be able to work over session-based security.
Keith.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf