=======================================================
Integrated Security Model for SNMP WG (isms)
IETF #74, San Francisco
THURSDAY, March 26, 2008, 1510-1610, Continental 1&2
Taken by Juergen Quittek
=======================================================

WG Chair:      Juergen Schoenwaelder
Meeting Chair: Bert Wijnen
WG URL:        http://tools.ietf.org/wg/isms/
Jabber:        xmpp:isms@jabber.ietf.org

Agenda:

1) Agenda bashing, WG status (5 min) (Bert Wijnen)
   - Blue sheets
   - Minute and note takers
   - Jabber scribe

2) Delivery celebration | issue resolution (5 | 30 min) (David Harrington)
   - Transport Subsystem for SNMP [1]
   - Transport Security Model for SNMP [2]
   - Secure Shell Transport Model for SNMP [3]
   - RADIUS Usage for SNMP SSH Security Model [4]

3) Handling of ISMS related drafts (10 min) (Pasi Eronen, Dan Romascanu)

4) Wrap up and review of action items (5 min) (Bert Wijnen)

WG Documents:

[1] Transport Subsystem for the Simple Network Management Protocol (SNMP)
[2] Transport Security Model for SNMP
[3] Secure Shell Transport Model for SNMP
[4] Remote Authentication Dial-In User Service (RADIUS) Usage for
    Simple Network Management Protocol (SNMP) Transport Models

Related Documents:

[5] Datagram Transport Layer Security Transport Model for SNMP
[6] Simplified View-based Access Control Model (SVACM) for the
    Simple Network Management Protocol (SNMP)
[7] Remote Authentication Dial-In User Service (RADIUS) Authorization
    for Network Access Server (NAS) Management

Summary:

The WG deliverables passed WG last call and will be delivered to the responsible AD. The known editorial comments will be dealt with as part of the IETF last call process.

WG members expressed interest to do followup work. This requires a rechartering discussion that will take place on the WG mailing list. During the rechartering discussion, it needs to become clear what the available resources are (editors, reviewers, (co-)chairs) and whether the active people can commit to realistic milestones.

Meeting Notes:

Bert Wijnen gave an overview of the ISMS WG documents. There were no requests to change the agenda.

Wes reported for David Harrington. All four documents passed WG last call.

- Transport Subsystem for SNMP [1]

  Only editorial changes have been applied since the last version.

  Jeff Hutzelman: I will review all drafts over the weekend and send my comments next week.

  Bert: These comments may then be taken as input for IETF last call.

- Transport Security Model for SNMP [2]

  Editorial changes have been applied. The MIB copyright still needs an update. No issues raised in the session.

  Dave Harrington: This document is ready for AD review.

- Secure Shell Transport Model for SNMP [3]

  Wes Hardaker stated that he is confident that WG consensus on the technical issues has happened and that the previous discussions were surrounding wording of that consensus only. He believes that the current text, as read by the working group members that have read it, is left to just minor editorial issues. This document is considered to be ready for AD review. No concerns were stated in the session.

- RADIUS Usage for SNMP SSH Security Model [4]

  This draft is considered highly stable. Editorial changes were only applied in order to achieve consistency between different ISMS drafts. It is considered ready for AD review.

There are no technical issues left in any of the documents. The chair and the presenter thanked David Harrington for his exceptional work and dedication.

Since no issue has been raised on any document, the WG chair considers all WG documents to have WG consensus and will pass them to AD review. Editorial issues will be dealt with together with any IETF last call comments.

There is a known implementation at Jacobs University in Bremen. Also Wes Hardaker has a partial one.

The WG chair and the responsible area director agree that the WG should become dormant after submitting all documents of the current charter to AD.

Wes Hardaker suggests that the WG should continue being active because there are related drafts out there that have support from the community.

Dave Harrington supports this view pointing out that the use of RADIUS attributes to manage access control had been postponed some time ago. There is an unfinished document on this issue. The WG should adopt this document and update its charter.

Jeff Hutzelman also suggests rechartering in order to complete the RADIUS work and to potentially pick up the DTLS work started by Wes Hardaker.

Bert Wijnen asked for hands. 5 were raised in support for continuing the WG. None were raised in support of closing the WG.

Pasi Eronen: The WG needs to re-charter anyway. The support from the community is weak. Reviewers are few.

Jeff Hutzelman: I suggest we go ahead and prepare an updated charter and make the decision based on these discussions.

Juergen Quittek: What about setting a deadline until when the WG should have created a new charter and received commitment from document authors? If this does not happen until soon we still may close the WG.

Juergen Schoenwaelder (via Jabber): We should consider alternatives such as continuing the work in the OPSAWG.

David Harrington: Going there with a new audience would be a mistake. In the ISMS WG a lot of knowledge has been accumulated and understanding between SNMP folks and SSH folks has developed very well.

Wes Hardaker: Having this WG in the security area and not in the OAM area helped to get security experts in. They might not follow to OPSAWG.

Jeff Hutzelman: There are reasons to continue. But we need editors and a chair that are willing to work. We cannot make a decision now without knowing this.

Dan Romascanu: Moving the work to the OPSAWG depends on whether people from here are willing to also go to the OPSAWG.

Wes Hardaker: Let's ask people here about their support for progressing and reviewing the documents.

Bert Wijnen: Who supports Wes' DTLS document? 9 hands show up, no one opposed.
Who would review the document? 6 hands showed up. In this room we have sufficient support for this document.

Bert Wijnen: Who supports the document on simplified VACM? No hand showed up.

David Harrington: I would help the authors with this document.

Bert Wijnen: What about the remaining document on RADIUS usage to manage VACM ()? Who thinks we need to work on this document? 6 hands showed up.

Bert Wijnen: Who would help editing the document? No hands showed up.

Bert Wijnen: Who would be willing to review? 5 hands showed up.

David Harrington: I would be willing to co-chair.

Bert Wijnen: We cannot make a decision here. If ISMS continues, we would need a new charter. Who would help? Jeff Hutzelman, Wes Hardaker and David Harrington offered support.

David Harrington: I think this RADIUS support for access control is very important. A poll at NANOG showed up RADIUS integration as the second most wanted feature.