Last Modified: 2005-02-02
|Done||Cut-off date for internet-drafts to be submitted to the working group for consideration as a proposed solution|
|Mar 05||Decision about which solution approach the WG will focus its efforts on|
|Mar 05||2005 Working group will recharter to include publication goals or shutdown if no consensus on a technical direction is reached by this time|
Minutes of the ISMS session at IETF 62
Monday March 7, 19:30 h - 22:00 h
Integrated Security Model for SNMP working group
Chairs: Ken Hornstein <email@example.com>
Juergen Quittek <firstname.lastname@example.org>
0. Session Summary
1. ISMS WG Status
2. Comparison of Proposals
3. ISMS goals and problems with USM
4. Wrap up
Discussed Internet drafts
Comparison of Proposals for Integrated Security Models for SNMP
(Simple Network Management Protocol)
Transport Layer Security Model (TLSM) for the Simple Network
Management Protocol version 3 (SNMPv3)
A Session-Based Security Model (SBSM) for version 3 of the Simple
Network Management Protocol (SNMPv3)
External User Security Model (EUSM) for version 3 of the Simple
Network Management Protocol (SNMPv3)
0. Session Summary
The ISMS evaluation team had produced an I-D comparing the proposed solutions TLSM, EUSM, and SBSM. The team gave the recommendation to choose EUSM as starting point for standardization work in ISMS. However, EUSM uses EAP and few days before the meeting, the ADs discovered that this conflicts with the EAP applicability statement in RFC 3748.
The WG discussed this constraint extensively without reaching consensus on how to react. In order to still progress further, the WG decided to make a decision on the target ISMS architecture first, before closing the protocol issue. The chairs and the evaluation team will post a description of the alternative architectures that have been discussed and will try to achieve consensus on a single ISMS architecture until end of April. Then discussion on a new ISMS charter will start, that must be completed at IETF63. Otherwise the WG will be closed.
1. ISMS WG Status (Juergen)
Three proposal have been submitted as proposals for an ISMS: SBSM, EUSM, and TLSM. An evaluation team analyzed them and delivered a comparison and a recommendation as an internet draft. There was no clear winner among, but the evaluation team recommended starting with EUSM and applying a set of modifications to it. It was appreciated that EUSM does implement a key exchange protocol by itself, but re-used an existing one, the EAP.
The week before the IETF it turned out that this choice was not a good one. In RFC 3748 there is an applicability statement for EAP that limits EAP applications to network access authentication, which is not the case for EUSM. The ADs decided that the WG cannot use EAP because of this.
[?] Can someone in the room explain why EAP should not be applied.
[Eric Rescorla] There are two orthogonal issues: One is the integration of a security protocol with the SNMP stack. The second is which protocol is acceptable for key exchange. There are several other protocols that potentially can be used instead of EAP.
[?] EAP was chosen for EUSM becasue it works well with AAA protocol
[Kaushik Narayan] We have a process of evaluating the approach and EUSM was recommended. There will be ways of using other protocols, but is EAP completely out of the game or may it still be used with some restrictions?
[?] I am not convinced that it is not a good idea to use EAP.
[Sam Hartman] I would be very concerned about uses of EAP that are involving interactions with the radius server and the person initiating the request. The EAP applicability statement clearly exclude the application in ISMS
[Wes Hardaker] Let's decide on the architecture first independent of protocols. All three proposals are going to use radius. Let's first discuss about whether we want in-band key exchange or off-band key exchange.
[Eric] There are four ways to move forward: (1) no authentication (2) some other framework besides EAP, (3) we really want to use EAP and try to convince the ADs, (4) we design something completely new.
[?] The requirements for ISMS look like IKE would be a perfect solution.
[Sam] IKEv2 also has an applicability statement. IKEv2 is only to be used for IPsec.
[Juergen] I also see three options: we try to push EAP hardly, we go on with the recommendation but replace EAP by something else, or we start another round of proposals and recommendation. Shall we go for another round of proposal and evaluation until the next meeting?
[Eric] We can either first work on the EAP issue or first on the architecture issue.
[Sam (not speaking as AD)] I think TLSM would be the best choice. It solves all problems with established and appropriate means.
[Kaushik] TLS does not address authentication for anything else than certificates or shared secrets.
[Eric] TLSM is a framework, not a protocol. You can wedge any underlying transport security mechanism underneath.
[Wes] Re-use of existing protocols is limited if we continue using UDP for SNMP.
[Sam] In the UDP space we have DTLS.
[David Nelson] If we talk about re-use, we should think about re-using what operators already have installed.
[Dave Harrington] TCP is fine for SNMP, but there must be a fallback to UDP possible.
[Sam] If you do the architecture decision first, please make sure that later implementation constraints will not make you change you decision.
[Sam] I'm deeply concerned anywhere where clients talk to radius servers.
[Wes] We should discuss on the architecture first, rather than doing another round of proposal and evaluation until the next meeting.
Juergen asked for handraising. There was a clear majority of the session participants in favor of deciding on the architecture first. It was agreed to decide on the architecture until end of April.
[Wes] The evaluation team and/or the chairs should summarize the architecture issues in order to structure the decision.
2. Comparison of Proposals (Lakshminath Dondeti)
Lakshminath summarized the architectural differences of the three proposals and explained the list of recommendations given in the document.
3. ISMS goals and problems with USM (Dave Perkins)
Dave summarizes the WG goals and discusses weaknesses of USM. for potential ISMS solution he discussed pros and cons of re-using USM.
4. Wrap up
The WG has to decide on an architecture until April and on a new charter until August. the milestones in the current charter will be updated accordingly.