> > BTW, nothing about your note explains to me why you think that this
> > mechanism should be defined in a Security area WG that is working on a
> > completely separable problem.

The intent of ISMS is for SNMP to share common security infrastructure, and in particular, common security infrastructures which are session-based. So, ISMS has decided that "session-based security" is needed, which is an architectural departure from the "datagram-based security" previously specified by the Net Mgmt Area (to see why, see ** below.)

Therefore, I suggest the problem is only *partially* separable. Call-Home involves two issues:

1) the passing through Firewalls/whatever issue, which is completely separable, and
2) the session v. datagram issue, which is not separable.

Specifically, the non-separable part is about who sets up the session, and what types of messages can be sent on a session which was set up by a device calling home.

> > If you really think that defining call
> > home for SNMP is something that the IETF should do, I would encourage
> > you to get together with Eliot and request a BOF in the OPS area.
>
> That's because I haven't formed an opinion on it. My main point
> is that this doesn't seem to me to be any sort of wildly divergent
> architectural proposition, at least on the front of who "initiates"
> a connection. As Harald pointed out, I really can't see how you'd
> prevent some industrious developers from using SNMP in this way
> regardless of how the working group is chartered, and from that
> standpoint it might be better to get ahead of the ball on it if
> it were inevitable, and it does seem to have a fair number of
> security considerations.

Exactly. My concerns with the charter are:

1. that if the charter declares Call-Home as out-of-scope, then there will be technical/architectural issues which are relevant but cannot be discussed because they are out-of-scope, and
2. consequently, the decisions made might well end up such that they cannot even be extended later to support Call-Home.
3. and if so, nobody will want to define (at a later date) yet another SNMP Security Model even if that is the only way to support Call-Home.

Keith.

** In "session-based security", only one SNMP user can use the session at a time. In contrast, the current SNMP architecture assumes "datagram-based security", in which security is carried in every SNMP message independent of any session/connection. Consider that RFC 3430 (SNMP-over-TCP) says:

   It is RECOMMENDED that implementors consider the security features as
   provided by the SNMPv3 framework in order to provide SNMP security.
   Specifically, the use of the User-based Security Model STD 62, RFC 3414
   [10] and the View-based Access Control Model STD 62, RFC 3415 [11] is
   RECOMMENDED.

In USM, each message has its own security, e.g., two different SNMP users can be using the same TCP connection at the same time. ISMS's proposal for SNMP-over-SSH will require all SNMP messages on one SSH session to be for the same SNMP user. Also remember that the security parameters of a USM message are dependent on the PDU type contained in the message (specifically, whether the sender or receiver is "authoritative"). So, "what types of messages can be sent on a session which was set up by a device calling home" is both a security and an architectural issue.

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
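Added illustration of the ** footnote above, not code from Keith's mail or from any ISMS document: a small Python model of datagram-based (USM) versus session-based security applied to a call-home session. The PDU-type-to-authoritative-engine rule follows RFC 3414; the engine IDs "dev" and "mgr", the user names and the traffic list are constructed for the example.

```python
from dataclasses import dataclass

# RFC 3414 rule: PDUs that expect a response make the receiver's engine
# authoritative; PDUs that do not make the sender's engine authoritative.
RECEIVER_AUTHORITATIVE = {"Get", "GetNext", "GetBulk", "Set", "Inform"}
SENDER_AUTHORITATIVE = {"Trap", "Response", "Report"}

@dataclass(frozen=True)
class Message:
    pdu_type: str
    user: str      # msgUserName in the message (USM) or the session's user (ISMS)
    sender: str    # snmpEngineID of the sending engine
    receiver: str  # snmpEngineID of the receiving engine

def authoritative_engine(msg):
    """snmpEngineID whose localized keys secure this particular message."""
    if msg.pdu_type in RECEIVER_AUTHORITATIVE:
        return msg.receiver
    if msg.pdu_type in SENDER_AUTHORITATIVE:
        return msg.sender
    raise ValueError(f"unknown PDU type {msg.pdu_type}")

class DatagramSecurity:
    """USM style: each message names its own user and is keyed to the
    authoritative engine, so different users can share one TCP connection."""
    def __init__(self, localized_users):
        self.localized_users = set(localized_users)  # {(user, authoritative engine)}
    def accept(self, msg):
        return (msg.user, authoritative_engine(msg)) in self.localized_users

class SessionSecurity:
    """ISMS style as the mail describes it: the session is authenticated once
    for a single user, and every message on it must belong to that user."""
    def __init__(self, session_user):
        self.session_user = session_user
    def accept(self, msg):
        return msg.user == self.session_user

# Constructed call-home traffic: the device "dev" opened the session to the
# manager "mgr"; both notifications and requests then flow on that session.
CALL_HOME_TRAFFIC = [
    Message("Trap", "monitor", "dev", "mgr"),    # device-initiated notification
    Message("Get", "operator", "mgr", "dev"),    # manager request, reverse direction
    Message("Inform", "monitor", "dev", "mgr"),  # device-initiated, expects a response
]

def evaluate(traffic, datagram, session):
    """Per message: (authoritative engine, accepted by USM, accepted by session)."""
    return [(authoritative_engine(m), datagram.accept(m), session.accept(m))
            for m in traffic]
```

On the same call-home session the authoritative engine flips between the device and the manager with the PDU type, while the session model rejects the second user's request outright; that is the coupling between "who set up the session" and "which messages may use it" that the footnote describes.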