=======================================================
Integrated Security Model for SNMP WG (isms)
IETF 69 Chicago
Thursday, July 26, 2007, 1510-1610
Taken by Juergen Schoenwaelder
=======================================================

Chairs:
  Juergen Schoenwaelder
  Juergen Quittek

Agenda:
  1) Agenda bashing, WG status
  2) Discussion of transport subsystem draft
  3) Discussion of transport security model draft
  4) Discussion of SSH transport model draft
  5) Discussion of RADIUS draft
  6) Wrap up

Documents:
  - Transport Subsystem for the Simple Network Management Protocol (SNMP)
  - Transport Security Model for SNMP
  - Secure Shell Transport Model for SNMP
  - RADIUS Usage for SNMP SSH Security Model
  - RADIUS NAS-Management Authorization
  - Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)
  - SNMP Context EngineID Discovery

Actors:
  JQ = Juergen Quittek
  DH = David Harrington
  DN = David Nelson
  SH = Sam Hartman
  JH = Jeffrey Hutzelman
  JS = Joseph Salowey
  WH = Wes Hardaker
  ...

Summary:

  The WG has three current WG documents: the Transport Subsystem for SNMP, the Transport Security Model for SNMP, and the Secure Shell Transport Model for SNMP. All of them are in WG last call and are expected to be completed soon. One WG document is still missing, for which an individual draft already exists. At this meeting it was agreed to accept this individual draft as a WG document.

Discussion:

1. Agenda and WG Status

  No changes to the agenda were made. However, the three existing WG drafts (agenda items 2-4) were discussed in a single agenda slot.

  JQ explained that all core ISMS documents are in WG last call. Two documents had a WG last call earlier, but because of the number of changes applied after receiving comments they are in WG last call again.

2. Discussion of Core ISMS Drafts

  David Harrington presented the status of the three documents in WG last call and explained the changes applied since the last meeting.

  JH and WH raised questions concerning the mapping of transport-model-specific identifiers into the securityName. It was agreed that the simplified identity mapping is deterministic and appropriate for the SSH transport model.

  WH commented on the recent change to not reject non-empty securityParameters. After some discussion, it was concluded that not checking the securityParameters is the right approach.

3. Discussion of RADIUS Draft

  David Nelson, co-chair of the RADIUS Extensions (RADEXT) WG, presented the state of the individual draft on RADIUS Usage for SNMP Transport Models. The WG accepted this draft as a WG document. The next version of it will be submitted as a WG document.

  The document describes how the SSH transport model can be used with RADIUS. It references another individual document. This defines new RADIUS attributes for ISMS authorization and other purposes. It was discussed whether this should also become an ISMS WG document or if it should become a WG document of the RADEXT WG. Since its scope is more general than ISMS, the consensus was to ask the RADEXT WG to include the document in their charter.

  JH suggested an improvement to the abstract. Otherwise, JH believes that the document seems to be doing the right thing. JH plans to go back and do a full review of the document.

4. Wrap Up

  JQ steps down as ISMS co-chair and SH thanks him for his contributions to the ISMS working group. SH asks for volunteers to step in as an ISMS WG co-chair.