Simple Network Management Protocol (SNMP) Context EngineID Discovery
draft-ietf-opsawg-snmp-engineid-discovery-03

[Ballot comment]
Section 4: RFC 5226 says that "Specification Required" policy implies
"Expert Review", and "required documentation and review criteria for
use by the Designated Expert should be provided when defining the
registry". It would be good to add at least 1-2 sentence about the
intended review criteria to Section 4.

A revised I-D will be issed to address concerns raised in the GenART review by Brian Carpented, including documenting potential information leakage associated with snmpEngineID discovery based on WG consensus

IANA Last Call comments:

Upon approval of this document, IANA will revise the current
"SnmpEngineID Formats" registry, which does not contain any
registrations, so that it appears as follows:

Registry Name: SnmpEngineID Formats
Reference: [RFC3411][RFC-ietf-opsawg-snmp-engineid-discovery-02.txt]
Range    Registration Procedures      Notes
--------  ----------------------------- --------------------
1-127    Specification Required
128-255  Enterprise-specific          IANA does not assign

Registry:
Format  Description                      Reference
-------  -------------------------------  ---------
0        Reserved                        [RFC3411]
1        IPv4 address                    [RFC3411]
2        IPv6 address                    [RFC3411]
3        MAC address                      [RFC3411]
4        administratively assigned text  [RFC3411]
5        administratively assigned octets [RFC3411]
6        local engine    [RFC-ietf-opsawg-snmp-engineid-discovery-02.txt]
7-127    Unassigned
128-255  Reserved for enterprise-specific [RFC3411]

URL: http://www.iana.org/assignments/snmp-number-spaces

** QUESTION: Can you confirm that value 0 is NOT available for
assignment?

We understand the above to be the only IANA action for this
document.

Gen-ART review from Brian Carpenter

Summary: Almost ready

Comments:

** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226)

5.  Security Considerations
...
  If a device configuration permits non-secure SNMPv1/v2c access to a
  target system, then reading the snmpEngineID variable of the SNMP-
  FRAMEWORK-MIB will also reveal a suitable contextEngineID value for
  subsequent SNMPv3 usage.  However, implementations should not rely on
  non-secure SNMPv1/v2c access and therefore MUST implement this
  specification to enable secure contextEngineID discovery.

This is a little odd, since, as the previous paragraph indicates,
the localEngineID mechanism is not intrinsically secure. I think the
second sentence should be extended to:

                            However, implementations should not rely on
  non-secure SNMPv1/v2c access and therefore MUST implement this
  specification to enable secure contextEngineID discovery whenever
  an SNMPv3 security mechanism is in use.

publication request for
draft-ietf-opsawg-snmp-engineid-discovery-02.txt
for publication as a Proposed Standard


(1.a) Who is the Document Shepherd for this document? Scott
Bradner

Has the Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this version is
ready for forwarding to the IESG for publication? yes & yes

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? yes, the document has gone through WGLC
where there were substantive comments made and the draft revised to deal
with the comments.

Does the Document Shepherd have any concerns about the depth or breadth
of the reviews that have been performed? no

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective, e.g.,
security, operational complexity, someone familiar with AAA,
internationalization or XML? there are some security issues that I feel
are reasonably dealt with in the security considerations section but I
trust that the security ADs will review that section

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director and/or the
IESG should be aware of? no

For example, perhaps he or she is uncomfortable with certain parts of
the document, or has concerns whether there really is a need for it. no

In any event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those concerns
here. none

Has an IPR disclosure related to this document been filed? no

If so, please include a reference to the disclosure and summarize the WG
discussion and conclusion on this issue. N/A

(1.e) How solid is the WG consensus behind this document? not all
that many folk responded to the WGLC but the consensus seems fine

Does it represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and agree with
it? - only a few people seem interested

(1.f) Has anyone threatened an appeal or otherwise indicated
extreme discontent? no

If so, please summarise the areas of conflict in separate email messages
to the Responsible Area Director. (It should be in a separate email
because this questionnaire is entered into the ID Tracker.) N/A

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). yes

Boilerplate checks are not enough; this check needs to be thorough. Has
the document met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews? - N/A

(1.h) Has the document split its references into normative and
informative? yes

Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? no

If such normative references exist, what is the strategy for their
completion? N/A

Are there normative references that are downward references, as
described in [RFC3967]? If so, list these downward references to
support the Area Director in the Last Call procedure for them [RFC3967].
no

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body of the
document? yes

If the document specifies protocol extensions, are reservations
requested in appropriate IANA registries? yes

Are the IANA registries clearly identified? yes

If the document creates a new registry, does it define the proposed
initial contents of the registry and an allocation procedure for future
registrations? yes

Does it suggest a reasonable name for the new registry? See [RFC2434].
yes

If the document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG can
appoint the needed Expert during the IESG Evaluation? N/A

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML code, BNF
rules, MIB definitions, etc., validate correctly in an automated
checker? N/A

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document Announcement
Write-Up? Recent examples can be found in the "Action" announcements
for approved documents. The approval announcement contains the
following sections:

Technical Summary
This document introduces a discovery mechanism which
can be used to learn the snmpEngineID of a remote SNMP protocol engine.
The proposed mechanism is independent of the features provided by SNMP
security models. The mechanism has been designed to co-exist with
discovery mechanisms that may exist in SNMP security models, such as the
authoritative engine identifier discovery of the User-based Security
Model (USM) of SNMP [RFC3414].

Working Group Summary
A number of issues were brought up during WGLC and have been
resolved in the current version of the ID. The WG


Document Quality
Bert Wijnen, Randy Presuhn and David Harrington reviewed the ID
during WGLC.