CURRENT_MEETING_REPORT_
Reported by James Galvin/TIS and Keith McCloghrie/Hughes
SNMPSEC Minutes
The SNMP Security Working Group met on Wednesday evening, November 20.
The Agenda was as follows.
o Document Finalization
o Interoperability Reports
o Other Comments
o Steps to Publication
In particular, the Working Group wanted to see revised documents and
implementation experience before it would consider recommending the
documents for publication.
Two of the three documents had been revised and distributed prior to the
meeting: SNMP Security Protocols and Definitions of Managed Objects for
Administration of SNMP Parties. There were no non-editorial changes to
be made to the SNMP Administrative Model document so it was not revised
for this meeting.
Document Finalization
Two editorial changes had been suggested on the mailing list for the
revised SNMP Security Protocols document. These changes were noted for
the Working Group.
The editorial changes required of the SNMP Administrative Model document
were noted for the Working group.
Interoperability Reports
There are four known implementations of the suite of documents; the only
feature not implemented in any of them was support for proxy. Three of
them have interoperated with each other, using noAuth/noPriv, using MD4,
and using DES. The Working Group requested that the implementations be
upgraded to include support for proxy. [Editors' note: two of the
implementations were so upgraded within a few days of the meeting.]
A number of minor changes were suggested as feedback from the
implementation experience, the most significant being: changing the
units of the party clock to be in seconds, and adding a new MIB object
to the party table to specify the largest SNMP message size that a party
would accept. These changes were presented to the Working Group and all
were approved. A suggestion that additional MIB objects were required
to support proxy to non-SNMP-party based proxied agents was also agreed,
but that these additional objects were considered to be the subject of
separate follow-on document(s).
1
�
In addition, some performance data was presented comparing the use of
MD4 and MD5 as authentication digest algorithms. The data indicated
that using MD5 took 15MD4 took 5the MD4 implementation was an
``optimized'' implementation, while the MD5 implementation was the one
directly out of the internet draft. This suggests that the reported
difference should be a worst case scenario.
Next, it was reported to the meeting that the authors of MD4 have
decided that the MD4 algorithm is suitable for use in all applications
except those which are long-lived. In particular, a protocol standard
is considered long-lived. Consequently, the Working Group decided to
adopt MD5 instead of MD4.
Other Comments
A number of other wording changes to the documents were suggested by
meeting attendees. All suggestions were noted and adopted.
Steps to Publication
The Working Group agreed that its work was ready for publication. The
following steps were specified.
1. The documents would be revised according to the comments discussed
at the meeting by Friday, November 22.
2. The documents will be submitted as internet drafts by Monday,
November 25.
3. The three weeks immediately following their availability as
internet drafts will be set aside for final review of the documents
by the Working Group.
4. At the end of three weeks, the documents will be revised (if
necessary) according to any discussions on the mailing list, and
submitted to the IESG with a recommendation they be published as a
Proposed Standard.
Attendees
Steve Alexander stevea@i88.isc.com
James Barnes barnes@xylogics.com
Larry Blunk ljb@merit.edu
Steve Bostock steveb@novell.com
David Bridgham dab@asylum.sf.ca.us
Theodore Brunner tob@thumper.bellcore.com
Philip Budne phil@shiva.com
Jeffrey Buffum buffum@vos.stratus.com
Jeffrey Case case@cs.utk.edu
Richard Cherry rcherry@wc.novell.com
James Codespote jpcodes@tycho.ncsc.mil
2
�
Stephen Crocker crocker@tis.com
Dave Cullerot cullerot@ctron.com
James Davin jrd@ptt.lcs.mit.edu
Michael Erlinger mike@lexcel.com
Jeff Erwin
Bill Fardy fardy@ctron.com
Shawn Gallagher gallagher@quiver.enet.dec.com
James Galvin galvin@tis.com
William Jackson jackson@manta.nosc.mil
Ole Jacobsen ole@csli.stanford.edu
Ron Jacoby rj@sgi.com
Satish Joshi sjoshi@synoptics.com
Frank Kastenholz kasten@europa.clearpoint.com
David Kaufman
Manu Kaycee kaycee@ctron.com
Mark Kepke mak@cnd.hp.com
Yoav Kluger ykluger@fibhaifa.com
Deidre Kostick dck2@sabre.bellcore.com
Ron Lau
Kenneth Laube laube@bbn.com
Walter Lazear lazear@gateway.mitre.org
John Linn linn@zendia.enet.dec.com
Keith McCloghrie kzm@hls.com
Ellen McDermott emcd@osf.org
Evan McGinnis bem@3com.com
David Minnich dwm@fibercom.com
Lynn Monsanto monsanto@sun.com
David Perkins dperkins@synoptics.com
David Piscitello dave@sabre.bellcore.com
Robert Purvy bpurvy@us.oracle.com
Anil Rijsinghani anil@levers.enet.dec.com
Marshall Rose mrose@dbc.mtview.ca.us
Gregory Ruth gruth@bbn.com
Jonathan Saperia saperia@tcpjon.enet.dec.com
Mark Schaefer schaefer@davidsys.com
John Seligson johns@ultra.com
William Simpson Bill_Simpson@um.cc.umich.edu
Timon Sloane peernet!timon@uunet.uu.net
Bruce Taber taber@interlan.com
Iris Tal 437-3580@mcimail.com
Kaj Tesink kaj@nvuxr.cc.bellcore.com
Mark Therieau markt@python.eng.microcom.com
Dean Throop throop@dg-rtp.dg.com
Steven Waldbusser waldbusser@andrew.cmu.edu
Jeremy Wilson
Preston Wilson preston@i88.isc.com
John Ziegler ziegler@artel.com
3