Good catch Ira,...yes, this is a long-awaited publication.
Looking forward to the "next" long-awaited doc (at least I'm waiting for it :) that enables using NAC mechanisms
to provision SNMP VACM agents...
Pretty soon....SNMPv3 will become easy to deploy :) Hopefully, that will create a catalyst for more folks using it.
R.
On Aug 20, 2010, at 1:53 PM, Ira McDonald wrote:
> Hi,
>> The long-awaited enterprise network-friendly way to deploy SNMP
> authentication and security using TLS and DTLS.
>> Recommended reading.
>> Cheers,
> - Ira
>>> ---------- Forwarded message ----------
> From: <rfc-editor at rfc-editor.org>
> Date: Fri, Aug 20, 2010 at 2:14 PM
> Subject: [Isms] RFC 5953 on Transport Layer Security (TLS) Transport
> Model for the Simple Network Management Protocol (SNMP)
> To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org> Cc: isms at ietf.org, rfc-editor at rfc-editor.org>>>> A new Request for Comments is now available in online RFC libraries.
>>> RFC 5953
>> Title: Transport Layer Security (TLS) Transport
> Model for the Simple Network Management
> Protocol (SNMP)
> Author: W. Hardaker
> Status: Standards Track
> Stream: IETF
> Date: August 2010
> Mailbox: ietf at hardakers.net> Pages: 65
> Characters: 147393
> Updates/Obsoletes/SeeAlso: None
>> I-D Tag: draft-ietf-isms-dtls-tm-14.txt
>> URL: http://www.rfc-editor.org/rfc/rfc5953.txt>> This document describes a Transport Model for the Simple Network
> Management Protocol (SNMP), that uses either the Transport Layer
> Security protocol or the Datagram Transport Layer Security (DTLS)
> protocol. The TLS and DTLS protocols provide authentication and
> privacy services for SNMP applications. This document describes how
> the TLS Transport Model (TLSTM) implements the needed features of a
> SNMP Transport Subsystem to make this protection possible in an
> interoperable way.
>> This Transport Model is designed to meet the security and operational
> needs of network administrators. It supports the sending of SNMP
> messages over TLS/TCP and DTLS/UDP. The TLS mode can make use of
> TCP's improved support for larger packet sizes and the DTLS mode
> provides potentially superior operation in environments where a
> connectionless (e.g., UDP) transport is preferred. Both TLS and DTLS
> integrate well into existing public keying infrastructures.
>> This document also defines a portion of the Management Information
> Base (MIB) for use with network management protocols. In particular,
> it defines objects for managing the TLS Transport Model for SNMP.
> [STANDARDS TRACK]
>> This document is a product of the Integrated Security Model for SNMP
> Working Group of the IETF.
>> This is now a Proposed Standard Protocol.
>> STANDARDS TRACK: This document specifies an Internet standards track
> protocol for the Internet community,and requests discussion and suggestions
> for improvements. Please refer to the current edition of the Internet
> Official Protocol Standards (STD 1) for the standardization state and
> status of this protocol. Distribution of this memo is unlimited.
>> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
>http://www.ietf.org/mailman/listinfo/ietf-announce>http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist>> For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.> For downloading RFCs, see http://www.rfc-editor.org/rfc.html.>> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor at rfc-editor.org. Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
>>> The RFC Editor Team
> Association Management Solutions, LLC
>>> _______________________________________________
> Isms mailing list
>Isms at ietf.org>https://www.ietf.org/mailman/listinfo/isms>> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>> _______________________________________________
> pwg-announce mailing list
>pwg-announce at pwg.org>https://www.pwg.org/mailman/listinfo/pwg-announce>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.