ISMS WG Status 62th IETF Minneapolis March 7, 2005

1
ISMS WG Status62th IETFMinneapolisMarch 7, 2005

• Goal Creating a security model for SNMPv3
  that will meet the security and
  operational needs of network administrators.
• Discussion isms_at_ietf.org Admin isms-request_at_ops
  .ietf.org (in body subscribe)

2
Proposals

• SBSM - Session-Based Security Model
• draft-hardaker-snmp-session-sm-03.txt
• EUSM - External User Security Model
• draft-kaushik-snmp-external-usm-01.txt
• updated to version -02
• TLSM - Transport Layer Security Model
• draft-schoenw-snmp-tlsm-01.txt

3
Proposal Evaluation

• Evaluation team
• Uri Blumenthal, Lakshminath Dondeti,
• Randy Presuhn, Eric Rescorla
• Comparison of Proposals for Integrated Security
  Models for SNMP
• draft-ietf-isms-proposal-comparison-00
• Basic statement no clear winner
• Recommendation
• The EUSM architecture would be the right
  direction for the ISMS WG.
• However, a number of aspects of the EUSM design
  need moderate to substantial revision.

4
Recent Discovery

• RFC 3748
• EAP was designed for use in network access
  authentication, where IP layer connectivity may
  not be available. Use of EAP for other purposes,
  such as bulk data transport, is NOT RECOMMENDED.
• The EUSM proposal violates this recommendation

5
Proposal 1 for Changing Work Plan

• Have a new submission deadline soon
• End of April?
• Have a second evaluation of revised or new
  proposals
• Do we need a new team?
• 2nd Evaluation report before summer break
• End of June?
• Charter discussion at IETF 63
• Re-charter until end of August

6
Proposal 2 for Changing Work Plan

• Discuss architecture first
• Consensus by end of April?
• Charter discussion at IETF 63
• Re-charter until August

7
Recommendations for revised/new solution proposals

• Consider recommendations given in the proposal
  comparison I-D
• Clearly and explicitly describe your integration
  with at least one common security infrastructure
• Avoid using EAP

8
Planned ISMS WG Agenda

• 1) WG Status, Agenda bashing ( 5 min)
• 2) Proposal Comparison (45 min)
• - presentation of draft-ietf-isms-proposal-
  comparoson-00
• 3) Discussion of WG direction (30 min)
• - on which soluiton approach will the WG
  focis ist efforts?
• 4) Charter discussion (45 min)
• 5) Update of the EUSM proposal (optional) (20
  min)
• - draft-kaushik-snmp-external-usm-02
• 6) Wrap up ( 5 min)
• - action points, schedule

9
Revised ISMS WG Agenda

• 1) WG Status, Agenda bashing (10 min)
• 2) Proposal Comparison (30 min)
• - presentation of draft-ietf-isms-proposal-
  comparoson-00
• 3) Weaknesses of USM (15 min)
• 4) Update of the EUSM proposal (optional) (15
  min)
• - draft-kaushik-snmp-external-usm-02
• 5) Discussion of procedure (20
  min)
• 6) Wrap up ( 5 min)
• - action points, schedule

10
ISMS Milestones

• Apr 04  
• Cut-off date for internet-drafts to be submitted
  to the working group for consideration as a
  proposed solution
• Jun 04
• Proposal evaluation and recommendation
• Aug 05
• Working group will recharter to include
  publication goals or shutdown if no consensus on
  a technical direction is reached by this time