Editor's Note: Minutes received on 7/31
CURRENT_MEETING_REPORT_
Reported by Keith McCloghrie/Hughes
Minutes of the SNMP Security Implementors' BOF (SNMPSECI)
A BOF session for SNMP Security Implementors was held during the Boston
IETF meeting on July 13, 1992. The BOF's purpose was to allow
implementors to share their implementation experiences. The meeting was
chaired by Keith McCloghrie. Jim Galvin sent his apologies for not
being able to attend.
The meeting began with a review of the status of SNMP Security:
o RFCs 1351, 1352, 1353 have been published with Proposed Internet
Standard status,
o The RFCs have lots of editorial changes from the Internet Drafts
which the Working Group had approved, but
o The only change affecting implementations was the assignment of
OBJECT IDENTIFIERs under the mib-2 branch.
After reviewing the status, the meeting was opened to questions and
comments from the attendees. An informal poll of the audience indicated
that at least six implementations of secure SNMP existed. The
discussion topics included:
o Export issues
o Clock synchronization
o Access control granularity
o MD5/DES performance overhead
o BER encoding
o Relation to SMP
o ``Next steps'' for the RFCs.
During the discussion of export issues, some (second-hand) information
was presented on a proposal being considered by NIST for an ``improved''
process for U.S. export control of cryptography.
The discussion on clock synchronization raised the issue of how SNMP
Security relates to the recent SMP specification, since a change to
clock synchronization is proposed by the SMP specification. Thus, each
of the changes to SNMP Security being proposed as part of SMP was
presented. In particular, in the area of clock synchronization, SMP
simplifies the algorithm by including both the destination party's clock
as well as the source party's clock in the authInfo structure of a
message; this removes the need for a SetRequest to be issued (in the
``case 1'' scenario described in RFC 1352). Another suggestion
concerning clock synchronization was the use of automatic, ``on the
fly'' synchronization of clocks whenever an application requests a
message be sent to an agent which it hasn't recently communicated with.
In other discussions, the impact of performing access control on MIB
views with instance-level granularity was discussed, particularly its
performance aspects.
Performance was also discussed in regard to the overhead of MD5 and DES.
Feedback from newer implementations was compared to previously known
information, and was found to be within the same ballpark. David
Partain's article in the July issue of ``The Simple Times'' was
mentioned as a source of more information.
One implementor indicated that differences in BER encodings by different
implementations could cause problems. The authDigest value calculated on
the SnmpAuthMessage by the receiving entity has to match the authDigest
value contained in the message when these values are compared during
authentication processing. In particular, ISO 8825 allows multiple
valid encodings of a length field. Thus, the receiving entity must not
perform an independent BER serialization/encoding, but must use the same
serialized value as it received. Not only is this necessary but it can
also be beneficial, since it allows implementors to minimize the number
of times BER encodings are performed in their code.
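
The BER point above, as an added example (not part of the minutes or of any implementation discussed there): a simplified two-field message stands in for SnmpAuthMessage, with MD5 taken over the serialization while a constructed secret occupies the digest field. The message layout, the function names and SECRET are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"K" * 16  # constructed 16-byte party secret (sample value)

def enc_len(n, long_form=False):
    """BER length octets: short form when n < 128, unless long form is forced."""
    if n < 128 and not long_form:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value, long_form=False):
    return bytes([tag]) + enc_len(len(value), long_form) + value

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the TLV starting at buf[off]."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        start, n = off + 2, first
    else:
        k = first & 0x7F
        start, n = off + 2 + k, int.from_bytes(buf[off + 2:off + 2 + k], "big")
    if start + n > len(buf):
        raise ValueError("truncated TLV")
    return tag, start, start + n

def build(payload, long_form=False):
    """Sender: serialize with SECRET in the digest slot, hash, insert the digest."""
    def ser(d):
        return tlv(0x30, tlv(0x04, d) + tlv(0x04, payload, long_form), long_form)
    return ser(hashlib.md5(ser(SECRET)).digest())

def verify_received_bytes(msg):
    """Robust: swap SECRET into the digest slot of the bytes exactly as received."""
    _, s, _ = read_tlv(msg, 0)
    _, ds, de = read_tlv(msg, s)
    if de - ds != 16:
        return False
    expect = hashlib.md5(msg[:ds] + SECRET + msg[de:]).digest()
    return hmac.compare_digest(expect, msg[ds:de])

def verify_reencoded(msg):
    """Fragile: decode to values, re-serialize with minimal lengths, then hash."""
    _, s, _ = read_tlv(msg, 0)
    _, ds, de = read_tlv(msg, s)
    _, ps, pe = read_tlv(msg, de)
    again = tlv(0x30, tlv(0x04, SECRET) + tlv(0x04, msg[ps:pe]))
    return hmac.compare_digest(hashlib.md5(again).digest(), msg[ds:de])
```

Both verifiers accept a sender that uses short-form lengths; only the one that hashes the received octets accepts a sender that emits the equally valid long form.
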
Several attendees raised questions on the ``next steps'' for secure SNMP
in light of the changes outlined in the SMP documents. There were
questions on whether the SNMP Security RFCs would be updated and when.
Additionally, there were questions on whether implementors should ``hold
off'' on implementing SNMP Security until the status of SMP/SNMP II was
known. Attendees were urged to participate in the SMP BOF scheduled for
later in the week where these issues would be discussed.
Attendees
Steve Alexander stevea@i88.isc.com
David Arneson arneson@ctron.com
Jim Barnes barnes@xylogics.com
Andy Bierman bierman@davidsys.com
Tom Brennan
David Bridgham dab@epilogue.com
Theodore Brunner tob@thumper.bellcore.com
Lida Carrier lida@apple.com
Robert Ching natadm!rching@uunet.uu.net
Chris Chiotasso chris@artel.com
Tracy Cox tacox@sabre.bellcore.com
Cathy Cunningham cmc@microcom.com
James Davin jrd@ptt.lcs.mit.edu
Michael Davison davison@cs.utk.edu
David Engel david@ods.com
Michael Erlinger mike@lexcel.com
Rob Graham robert_graham@protools.com
Pria Graves priag@nsd.3com.com
Jeff Hughes jeff@col.hp.com
Ronald Jacoby rj@sgi.com
Frank Kastenholz kasten@ftp.com
Nick Kawaguchi mamster@lanai.cs.ucla.edu
Mark Kepke mak@cnd.hp.com
Kenneth Key key@cs.utk.edu
Deidre Kostick dck2@sabre.bellcore.com
Hock-Koon Lim lim@po.cwru.edu
John Linn linn@erlang.enet.dec.com
Arun Mahajan axm@proteon.com
Kent Malave kent@chang.austin.ibm.com
Kim Mayton mayton@wg.com
Keith McCloghrie kzm@hls.com
Thomas McGinty mcginty_t*corp_m@msm.cdx.mot.com
John McKenna mckenna@ralvm12.vnet.ibm.com
David Minnich dwm@fibercom.com
Lynn Monsanto monsanto@sun.com
Paul Moran Paul_Moran@3com.com
Rina Nathaniel rina!rnd!rndi@uunet.uu.net
Sam Nicholson scion@pblx.knox.tn.us
Bill Norton wbn@merit.edu
Steven Onishi sonishi@wellfleet.com
Andrew Patka apatka@wellfleet.com
John Payne jop@wang.com
David Perkins dperkins@synoptics.com
Richard Ramos ramos@mtunm.att.com
Ed Reeder EREEDER@ralvm12.vnet.ibm.com
Sam Roberts sroberts@farallon.com
Dan Romascanu dan@lannet.com
Marshall Rose mrose@dbc.mtview.ca.us
Michael Sapich sapich@conware.de
Koichiro Seto seto@hitachi-cable.co.jp
Timon Sloane peernet!timon@uunet.uu.net
Einar Stefferud stefisoc@nma.com
Mark Therieau markt@python.eng.microcom.com
Dean Throop throop@dg-rtp.dg.com
Stephen Tsun snt@nsd.3com.com
Ahmet Tuncay atuncay@synoptics.com
Dono van-Mierop dono_van_mierop@3mail.3com.com
Huyen Vu vi@polaris.disa.mil
David Waitzman djw@bbn.com
Gerard White
Steven Wong wong@took.enet.dec.com
Honda Wu natadm!honda@uunet.uu.net
Kiho Yum kxy@nsd.3com.com
Joseph Zur zur@fibhaifa.com