Integrated Security Module for SNMP BOF (isms)

Friday, August 6 at 0900-1130
=============================

CHAIRS: Wes Hardaker <hardaker@tislabs.com>
	David Perkins <dperkins@dsperkins.com>


AGENDA:

 Agenda Bashing		               	      5 min
  Introduction to the problem space	      10 min
  Charter Discussion			      30 min
  Solution potentials:
    draft-kaushik-snmp-external-usm           10 min
    draft-hornstein-snmpv3-ksm                10 min
    draft-hardaker-snmp-session-sm            10 min
  Discussion			              Any remaining time

DESCRIPTION:

Version 3 of the Simple Network Management Protocol (SNMPv3) was
completed recently and added security to the previous versions of the
protocol.  Although the enhanced protocol was secure, operators and
administrators found that deploying it could be problematic in large
distributions.  This was due primarily to the addition of yet another
authentication synchronization requirement across all networking
devices.  Most of these devices already contained local accounts
and/or the ability to negotiate with authentication servers
(e.g. RADIUS servers).  However, SNMPv3 did not make use of these
authentication mechanisms, and this caused additional synchronization
burdens.  

The desire for a solution to this problem is well known among both
IETF participants and Network Operators (an online survey was
conducted and advertised to the NANOG community to be certain that
this problem needed to be addressed in operational environments).

There are already multiple solutions being proposed in
internet-drafts.  The primary goal for this BOF is to define a
potential charter should the working group be created.  The rest of
the time will be allocated to discussing the problem and the proposed
solutions.