Russ Mundy | 1 Jul 05:03 2002

Submission of SNMPv3 WG Document (rfc2570bis) to IESG


The SNMPv3 Working Group has completed Working Group Last-Call and reached
consensus on the update to RFC-2570.  The document
<draft-ietf-snmpv3-rfc2570bis-02.txt> has been announced on the
IETF-Announce list and is available in the Internet-Drafts directory.

The Co-Chairs of the Working Group hereby forward the document to the IESG
for their review requesting that the document be published as Informational
as described in RFC-2026.  Further, we request that this document be
published with the 'core' specifications that were approved by the IESG as
Standards (announced in 27 Mar 02, email from The IESG, subject: Protocol
Action: An Architecture for Describing SNMP Management Frameworks to
Standard) with this document being the first of the sequentially numbered
series.

Russ Mundy & Dave Harrington
Co-Chair, SNMPv3 Working Group

Molloy, Conor | 5 Jul 15:16 2002

SNMPv3 AES support


Hi,

Does anyone know the status of the internet draft for AES support in SNMPv3?
That is draft-blumenthal-aes-usm-02.txt dated Feb 2002. I've seen no
activity
on this list for this document.

Is there any implementations or planned implementations for this draft yet?

Regards

Conor Molloy

----
BBRS Network Mamagement
Marconi

Wijnen, Bert (Bert | 5 Jul 16:25 2002
Picon

RE: SNMPv3 AES support

Actually, a new revision was posted recently.
  draft-blumenthal-aes-usm-02.txt
But it is not a work item of this WG.

My understanding is that the authors would beat up Secuirty ADs
(and maybe also us as ops ADs) to get progress on this.

TO be fair, when the SNMPv3 specs were approved as full STD, at
the same time, Randy Bush and Steve Bellovin posted a I-D to
explain that an addition of new security protocols to SNMP 
can be expected as the security area agrees that such is needed.
It is: draft-ietf-snmpv3-as-00.txt. So the authors of the
AES doc (and/or the community) might be able to use that
document as a justification to do AES.

I am not sure what the status of that draft-ietf-snmpv3-as-00.txt
doc is. Randy (Bush) are you listening?

Thanks,
Bert 

> -----Original Message-----
> From: Molloy, Conor [mailto:Conor.Molloy <at> marconi.com]
> Sent: vrijdag 5 juli 2002 15:16
> To: 'snmpv3 <at> lists.tislabs.com'
> Subject: SNMPv3 AES support
> 
> 
> 
> Hi,
(Continue reading)

poojan_tanna | 8 Jul 23:06 2002

Any RFC/Draft corresponding to Snmp Support for APS ( Automatic Protection Switching ).

Hi,

Can anybody please point me RFC/Draft corresponding to Snmp Support for APS ( Automatic protection
switching ).

Thanx in advance,
Poojan.

Simon Leinen | 9 Jul 15:42 2002
X-Face
Picon

Re: Any RFC/Draft corresponding to Snmp Support for APS ( Automatic Protection Switching ).

On Tue, 9 Jul 2002 02:36:31 +0530, "poojan_tanna" <poojan_tanna <at> infosys.com> said:
> Hi,
> Can anybody please point me RFC/Draft corresponding to Snmp Support
> for APS ( Automatic protection switching ).

Sure:

 Title		: Definitions of Managed Objects for SONET Linear APS 
                  Architectures
 Author(s)	: J. Johnson, M. Thatcher, J. Kuhfeld
 Filename	: draft-ietf-atommib-sonetaps-mib-08.txt
 Pages		: 43
 Date		: 09-May-02
--

-- 
Simon.

Sullivan Ferrari | 12 Jul 10:11 2002
Picon

SNMPv3

Hi all,

I would like to implement a SNMPv3 agent.
In a first step, I'd like to implement SNMPv3 without security 
mecanisms, is it possible ?
I know security, authentication ... are the main goals of SNMPv3 but 
I prefer to put the minimum SNMPv3 agent on and afterthat, implement 
the security mecanisms.

Is it possible ? 
Thanks a lot

Sullivan

Gream, Matthew | 12 Jul 16:44 2002

RE: SNMPv3


Sure! 

It's also possible to build cars without airbags; or airports without
security checks; or houses without locks; or <insert anything then substract
responsibility>.

Sorry, harsh!

Without being able to give you a technical answer, I would suggest that even
if you can build an agent without security, then the only reason you would
want to do so is for your own internal production process. 

I think that it would be irresponsible (in terms of social responsibility,
and as a engineering or computing professional, this should be part of your
ethics) to make available a security-less implementation of SNMPv3 (or any
other protocol for that matter). Even if the market was available for a
slim-and-trim security-less version, it would be irresponsible to produce
and the world would better off without it in the first place. 

Matthew.

-----Original Message-----
From: Sullivan Ferrari [mailto:sullivan.ferrari <at> free.fr]
Sent: Friday, July 12, 2002 9:11 AM
To: snmpv3 <at> lists.tislabs.com
Subject: SNMPv3
Importance: High

Hi all,
(Continue reading)

Golovinsky, Eugene | 12 Jul 17:35 2002
Picon

RE: SNMPv3

The personal flaming on the mailing list is a strange thing to see.
It is almost like I'm back in 1995.

The person asked honest and legitimate technical question and received
a lesson of engineering ethics rather tan the technical advice.

Sorry, these are emotions.

As far as technical side.
Yes, you can choose not to implement secutiy, but the potential problem
is that it will be really difficult to claim compliance.
Besides, your interoperability is most likely to suffer as well, since
Command Generator that is potentially to talk to your agent (Command
Responder)
will expect fully functional party. You will also run into problems of
generating
notifications.

In other words you probably need a full blown thing and if you do not want
a secure mode of operation you go by the minimal noAuth/noPriv path.

Good luck.
--Gene

-----Original Message-----
From: Gream, Matthew [mailto:mgream <at> orchestream.com]
Sent: Friday, July 12, 2002 9:45 AM
To: snmpv3 <at> lists.tislabs.com
Subject: RE: SNMPv3

(Continue reading)

Terry S. Arnold | 12 Jul 18:12 2002

AES Version SNMPv3

A while back I saw something in this list about an AES based variant of 
SNMPv3. Can anyone give a pointer to information on this proposal and its 
status?

_Terry S. Arnold Merdan Group
    4617 Ruffner St San Diego, CA 92111
    Terry.Arnold <at> merdan.com 858-571-8565 x244 (voice) 858-279-8893 (fax)

David T. Perkins | 12 Jul 18:52 2002

RE: SNMPv3

HI,

As current events are demonstrating, technology without ethical
considerations is not a good thing.

Maybe Matthew overacted to Sullivan's message, but ethical considerations
cannot be ignored when the application of a technology can have
significant adverse impact.

At 10:35 AM 7/12/2002 -0500, Golovinsky, Eugene wrote:
>The personal flaming on the mailing list is a strange thing to see.
>It is almost like I'm back in 1995.
>
>The person asked honest and legitimate technical question and received
>a lesson of engineering ethics rather tan the technical advice.
>
>Sorry, these are emotions.
>
>As far as technical side.
>Yes, you can choose not to implement secutiy, but the potential problem
>is that it will be really difficult to claim compliance.
>Besides, your interoperability is most likely to suffer as well, since
>Command Generator that is potentially to talk to your agent (Command
>Responder)
>will expect fully functional party. You will also run into problems of
>generating
>notifications.
>
>In other words you probably need a full blown thing and if you do not want
>a secure mode of operation you go by the minimal noAuth/noPriv path.
(Continue reading)


Gmane