RFC 5953 interoperability report

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

RFC 5953 interoperability report

Robert Story-5
The Net-SNMP and SNMP Research teams have been testing the
interoperability of our implementations of RFC 5953. Out
interoperability report is attached.

--
Robert Story
Senior Software Engineer
SPARTA (dba Cobham Analytic Soloutions)

_______________________________________________
Isms mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/isms

5953-interoperability-report (5K) Download Attachment
signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: RFC 5953 interoperability report

Alan Luchuk
Hello,

As an implementor of RFC 5953 at SNMP Research, I concur with the statements
in RFC 5953 interoperability report.  The core SNMP protocol operations DO
interoperate over (D)TLS between the SNMP Research and Net-SNMP implement-
ations, and the issues identified are implementation issues, NOT issues
with RFC 5953 specification itself.

Regards,
--Alan

 ------------------------------------------------------------------------------
 Alan Luchuk               SNMP Research, Inc.          Voice:  +1 865 573 1434
 Senior Software Engineer  3001 Kimberlin Heights Road  FAX:    +1 865 573 9197
 luchuk at snmp.com        Knoxville, TN  37920-9716    http://www.snmp.com/
 ------------------------------------------------------------------------------



_______________________________________________
Isms mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/isms
Reply | Threaded
Open this post in threaded view
|

Re: RFC 5953 interoperability report

Juergen Schoenwaelder-2
In reply to this post by Robert Story-5
On Mon, Dec 13, 2010 at 11:55:44AM -0500, Robert Story wrote:
> The Net-SNMP and SNMP Research teams have been testing the
> interoperability of our implementations of RFC 5953. Out
> interoperability report is attached.

Robert (and Alan),

thank you very much for the report. I assume the implementation use
RFC 5591 (which relies on RFC 5590) and likely they also use RFC
5343. Will there be separate interoperability reports for these
specifications as well or is the plan to expand the scope of the
report to cover these RFCs as well?

Concerning the security level mapping, it seems that this was not
implemented and left to be added if there is demand for supporting
weak cryptography in TLS. So is this a feature that perhaps is not
needed?

Another question: Are you aware of any real-world deployments of SNMP
over TLS?  RFC 2026 also calls for "sufficient successful operational
experience" to advance to Draft Standard level.

/js

--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
Isms mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/isms
Reply | Threaded
Open this post in threaded view
|

Re: RFC 5953 interoperability report

Robert Story-5
On Wed, 15 Dec 2010 08:36:35 +0100 Juergen wrote:
JS> thank you very much for the report. I assume the implementation use
JS> RFC 5591 (which relies on RFC 5590) and likely they also use RFC
JS> 5343. Will there be separate interoperability reports for these
JS> specifications as well or is the plan to expand the scope of the
JS> report to cover these RFCs as well?

Separate reports are in the works..

JS> Concerning the security level mapping, it seems that this was not
JS> implemented and left to be added if there is demand for supporting
JS> weak cryptography in TLS. So is this a feature that perhaps is not
JS> needed?

Net-SNMP does plan on implementing it. The problem with removing it is
that 'weak cryptography' is a moving target. We want to have the
ability to do the mapping in place before it's needed.

JS> Another question: Are you aware of any real-world deployments of SNMP
JS> over TLS?  RFC 2026 also calls for "sufficient successful operational
JS> experience" to advance to Draft Standard level.

I'm going to let Wes field this one.

--
Robert Story
Senior Software Engineer
SPARTA (dba Cobham Analytic Soloutions)

_______________________________________________
Isms mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/isms

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: RFC 5953 interoperability report

Wes Hardaker-2
Unfortunately there is somewhat of a chicken and egg problem here, along with the standard reporting mechanism to the IETF of "there isn't one".

I know of people that want to see it at Draft before they really kick in to using it.  Hence the chicken and egg problem.

I know weMve gotten some people playing with our test server.  I know we've gotten some people that have asked questions about it.  So given all that, yes I think there is definitely deployment happening.  I know as implementers we've learned a lot from interacting with people asking questions about setting it up and using it.  We've changed code based on comments and questions.  So, IMHO, we've received enough feedback to meet that requirement.

----- Original message -----

> On Wed, 15 Dec 2010 08:36:35 +0100 Juergen wrote:
> JS> thank you very much for the report. I assume the implementation use
> JS> RFC 5591 (which relies on RFC 5590) and likely they also use RFC
> JS> 5343. Will there be separate interoperability reports for these
> JS> specifications as well or is the plan to expand the scope of the
> JS> report to cover these RFCs as well?
>
> Separate reports are in the works..
>
> JS> Concerning the security level mapping, it seems that this was not
> JS> implemented and left to be added if there is demand for supporting
> JS> weak cryptography in TLS. So is this a feature that perhaps is not
> JS> needed?
>
> Net-SNMP does plan on implementing it. The problem with removing it is
> that 'weak cryptography' is a moving target. We want to have the
> ability to do the mapping in place before it's needed.
>
> JS> Another question: Are you aware of any real-world deployments of SNMP
> JS> over TLS?   RFC 2026 also calls for "sufficient successful operational
> JS> experience" to advance to Draft Standard level.
>
> I'm going to let Wes field this one.
>
> --
> Robert Story
> Senior Software Engineer
> SPARTA (dba Cobham Analytic Soloutions)

_______________________________________________
Isms mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/isms