Re: [Isms] SNMP over (D)TLS draft available for review

To: Wes Hardaker <wjhns1 at hardakers.net>
Subject: Re: [Isms] SNMP over (D)TLS draft available for review
From: Hamid Mukhtar <hamid.mukhtar at gmail.com>
Date: Wed, 28 Oct 2009 14:58:51 +0900
Cc: isms at ietf.org
Delivered-to: isms at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=7KA03fKJlNai0FpmV1PabBStjhZSpWZr3aPAvpSpjls=; b=wBx838hH1SJq3TUdFXzb9rZPmy1h12CKahnDsvZEQJHeKodniSa89htVrRs9ANzM3V ahSUVBkLjP2KS+Fj+EnzUs9BfwOzpnp1joH8ZZtf7k83iWjxFAffv7r29Ise/vTFMOMd rSf+SL8NTtnsURMpjEoCr2Uoe/ooKJ7OVi3VY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=U8avSmuKUbKAOT43FSvRDe4UWdekr+H1IDOZymfD6CBGQ8xhx7wEcDEmBY4Z0Ur1Ez KkVeT5AfhUqxjK0Zijjj3baU3YNKb7XG0QV1VGhhcOsUt/jW5yhuNx32loOLYJ1UhsAV nMmSwkLATFUdjr8CTZLVkgDI6baRtisvX+CQg=
In-reply-to: <sd7hug30d2.fsf at wjh.hardakers.net>
List-archive: <http://www.ietf.org/mail-archive/web/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <sd7hug30d2.fsf at wjh.hardakers.net>

Dear Wes,

In section 3.1.2 its mentioned that

>   the NULL integrity and encryption algorithms MUST NOT be used to fulfill
>   security level requests for authentication or privacy.
>   Implementations MAY choose to force (D)TLS to only allow
>   cipher_suites that provide both authentication and privacy to
>   guarantee this assertion.

IMO the requirement, as stated currently, may have to be changed to
consider authentication-only cipher suites (with no encryption)
[RFC4785].

On Wed, Oct 28, 2009 at 8:04 AM, Wes Hardaker <wjhns1 at hardakers.net> wrote:
>
> As you probably saw from the official draft announcement, a new copy of
> the SNMP over (D)TLS draft is available from:
>
>  http://tools.ietf.org/html/draft-ietf-isms-dtls-tm-01
>
> A diff from the previous version can be found here:
>
>  http://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-isms-dtls-tm-01.txt
>
> The -01 version reflects all outstanding issues that I'm aware of.  It
> would be good if WG participants could review the document and/or
> changes prior to the WG meeting in Hiroshima and list any issues you
> have with the draft so we can use the meeting time to discuss any of
> them that require a face-to-face meeting.
> --
> Wes Hardaker
> Cobham Analytic Solutions
> _______________________________________________
> Isms mailing list
> Isms at ietf.org
> https://www.ietf.org/mailman/listinfo/isms
>

Follow-Ups:
- Re: [Isms] SNMP over (D)TLS draft available for review
  - From: Wes Hardaker

References:
- [Isms] SNMP over (D)TLS draft available for review
  - From: Wes Hardaker

Prev by Date: [Isms] SNMP over (D)TLS draft available for review
Next by Date: Re: [Isms] SNMP over (D)TLS draft available for review
Previous by thread: [Isms] SNMP over (D)TLS draft available for review
Next by thread: Re: [Isms] SNMP over (D)TLS draft available for review
Index(es):
- Date
- Thread

Re: [Isms] SNMP over (D)TLS draft available for review

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.