Transport Subsystem for the Simple Network Management Protocol (SNMP)
draft-ietf-isms-tmsm-18

[Ballot discuss]
The IETF LC did not make any reference to the long list of IPR disclosures. If that is normal for an RFC changing state, I will clear, otherwise a new IETF LC is required.

[Ballot comment]
Section 1.3 expects the reader to:
  have a general understanding of the functionality
  defined in RFCs 3412-3418.
but RFCs 3415, 3416, and 3418 are not listed in the references.

[Ballot comment]
I think the document is a bit lax with SHOULDs, some of which might be better specified as MUSTs or just removed. For example:

3.3.3.  Session Maintenance Requirements

[...]

  If a Transport Model defines MIB module objects to maintain session
  state information, then the Transport Model MUST define what SHOULD
  happen to the objects when a related session is torn down, since this
  will impact interoperability of the MIB module.

Maybe just say "MUST define what heppens to the objects ..."?


3.3.4.  Message security versus session security

[...]

  If a secure transport session is closed between the time a request
  message is received, and the corresponding response message is sent,
  then the response message SHOULD be discarded, even if a new session
  has been established.  The SNMPv3 WG decided that this should be a
  SHOULD architecturally, and it is a security-model-specific decision
  whether to REQUIRE this.  The architecture does not mandate this
  requirement to allow for future security models where this might make
  sense, but not requiring this could lead to added complexity and
  security vulnerabilities, so most security models SHOULD require
  this.

Enclose some SHOULDs in "" to emphasize that they are not declaring requirements?

[Ballot discuss]
In general this is a well written document and I hope to clear this DISCUSS very soon.

3.2.1.  Architectural Modularity Requirements

[...]

  To encourage a basic level of interoperability, any Transport Model
  SHOULD define one mandatory-to-implement security mechanism, but
  should also be able to support additional existing and new
  mechanisms.

Why this SHOULD is not a MUST? I am expecting a mandatory-to-implement to be a MUST.


3.2.2.1.  securityName and securityLevel Mapping

[...]

  Documents defining a new transport domain MUST define a prefix that
  MAY be prepended by the Security Model to all passed securityNames.

I might be slightly confused here: passed by whom?

  The prefix MUST include from one to four ASCII characters, not

You probably didn't mean any US-ASCII character here, e.g. I don't think
you wanted to allow control characters, spaces, etc.
Wouldn't it be better if this is defined as US-ASCII alpha-numeric?

  including a ":" (ASCII 0x3a) character.  If a prefix is used, a
  securityName is constructed by concatenating the prefix and a ":"
  (ASCII 0x3a) character followed by a non-empty identity in an
  snmpAdminString compatible format.  Transport domains and their
  corresponding prefixes are coordinated via the IANA registry "SNMP
  Transport Domains".

3.3.4.  Message security versus session security

  Some Transport Models might support only specific authentication and
  encryption services, such as requiring all messages to be carried
  using both authentication and encryption, regardless of the security
  level requested by an SNMP application.  A Transport Model MAY
  upgrade the security level requested by a transport-aware security
  model, i.e. noAuthNoPriv and authNoPriv might be sent over an
  authenticated and encrypted session.  A Transport Model MUST NOT
  downgrade the security level requested by a transport-aware security
  model, and SHOULD discard any message where this would occur.

What is an alternative to discarding?
(I.e. why the last SHOULD is not a MUST)

IANA comments:

Upon approval of this document, IANA will create the following
registry at
http://www.iana.org/assignments/snmp-number-spaces

Registry Name: SNMP Transport Domains
Reference: [RFC2578] [RFC3417] [RFC-isms-tmsm-16]
Registration Procedures: Specification Required

Note: Each transport domain requires an OID assignment under
snmpDomains [RFC2578].

Initial contents of this sub-registry will be:

Prefix snmpDomains Reference
------- ----------------------------- ---------
udp snmpUDPDomain RFC3417
clns snmpCLNSDomain RFC3417
cons snmpCONSDomain RFC3417
ddp snmpDDPDomain RFC3417
ipx snmpIPXDomain RFC3417
prxy rfc1157Domain RFC3417

We understand the above to be the only IANA Action for this
document.

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

Juergen Schoenwaelder is the document shepherd.

I have reviewed the document several times including the latest
version and I believe it is ready for forwarding to the IESG for
publication.

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

The document has gone through multiple WG last calls and has had over
time significant review by subject matter experts. I do not have any
concerns regarding the level of review for this document.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?

I do not believe any extra special review (other than normal IETF Last
Call) is needed.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.

I do not have any specific concerns.
No IPR disclosure been filed as far as we know.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

The document has WG consensus and the WG wants the document to be
published as a Proposed Standard.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

No-one has threatened with an appeal or expressed extreme discontent.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

The document passes ID-nits 2.10.03. Some references have been updated
since the ID was posted, which can be resolved easily during the IETF
last call process. There are no formal reviews needed for this
document.

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

References are split in Normative and Informative. All normative
documents have been published.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC5226]. If the
document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG
can appoint the needed Expert during the IESG Evaluation?

The document establishes a registry for SNMP transport domains. The
IANA section defines the initial content, an allocation procedure, and
it suggests a reasonable name. An Expert Review process is not
defined.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

The document does not contain any formal notations that can be checked
for correctness.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

The document defines a Transport Subsystem, extending the
Simple Network Management Protocol (SNMP) architecture defined
in RFC 3411. The subsystem can contain Transport Models
comparable to other subsystems in the RFC 3411 architecture.
The Transport Subsystem can be used to expand the transports
to include secure transports such as SSH or TLS.

Working Group Summary

The working group went over several revisions of this document
while developing a Transport Model for SSH. The document did
stabilize several revisions ago and has mainly been kept back
to track clarifications and to ensure the new subsystem works
with the SSH transport defined in a companion document. There
has been strong WG consensus on revision 16 of this document.

Document Quality

There are two known implementations in progress of secure
transport models. A concrete SSH subsystem has been worked out
by the ISMS working group and a DTLS subsystem is in progress
as an individual draft and it seems the Transport Subsystem
defined in this document is capable to supports both secure
transports.