[Isms] Session timeouts?

["David B. Nelson" <d.b.nelson at comcast.net>]

I'm starting a separate thread to discuss the issue of providing
RADIUS-provisioned session timeouts for SNMP connections.  This came up in
the review comments on the RADIUS Usage for SNMP draft.

> >    1.  Session-Timeout
> >    2.  Inactivity-Timeout.
> > What transport model does this?
> 
> Well, I'm not sure any of them do...  more like they should.  
> I think this needs some discussion.

A couple of folks opined that this is useful.  RADIUS has a long history of
provisioning session timeouts for the services that it authorizes, dating
back to its original use in terminal servers and dial-up remote access
servers.  For example, the RADIUS usage guide for 802.1X (RFC 3580)
describes how the RADIUS attributes Session-Timeout (27) and Idle-Timeout
(28) affects network connections moderated by an 802.1X Controlled Port.  I
think the RADIUS usage guide for SNMP should do likewise.

The issue in question seems to be where this happens, and the only
reasonable answer seems to be in the secure transport (e.g. SSH).  ISMS
cannot place requirements on SSH usage of RADIUS generally, but we can
probably place requirements on SSH usage of RADIUS when SSH is used to
support an SNMP Transport Model.

Does that seem reasonable?


_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms