Margaret, > None of this seems very material to the ISMS discussion, though... > > Today SNMP (whether it is running over UDP or TCP) doesn't have the > call home feature. Do you really think it is reasonable to tie the > addition of that feature to the definition of a new security > mechanism for the existing SNMP protocol? If so, why? Today's SNMP (whether it is running over UDP or TCP) has datagram-based security (or no security). What the ISMS WG is proposing to do is to introduce session-based security. The definition of session-based security will need to decide how to tie the security in one direction with the security in the other direction, and the factors involved in such a tie include a subset of the requirements for Call Home. > IMO, we need to try to do our work in manageable chunks in the right > groups/areas. A security area working group working on a new > security mechanism for the existing SNMP model is one chunk. Perhaps > an OPS area WG working on an optional SNMP call home mechanism is > another...? I don't see how the level of change/disruption to the > vendor community is substantially affected by whether these two > separate mechanisms are defined in one IETF working group or two. If there are going to be two WGs, then the split between them needs to be non-overlapping. With the split you propose, there is a common subset of the two, and if the common subset is defined in different WGs, they are likely to make incompatible decisions, i.e., the Call Home won't be able to work over session-based security. Keith. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf