This draft responds to the various comments received to date. The big changes
are as follows:
1. It proposes the creation of a new registry, which will initially be
identical to the TLS 1.2 Hashing Algorithm Identifier Table but will be
separate so that we can add new rows as needed to support future algorithms
without implying that those algorithms are valid for TLS 1.2. This required a
corresponding edit to the SnmpTLSFingerprint object to reference the new table.
2. It removes the previously proposed restrictions related to USM, prior SNMP
versions, and CommonName. The text from RFC 6353 still apply.
3. Several changes were made to reflect proper capitalization of key words in
conformance to BCP14 and I changed a couple of "MAY NOT"s (which are ambiguous)
to "MUST NOT".
NOTE: One comment that I could not address is whether OPSAWG should also be
updating RFC 7407 for YANG
Specific response to comments are provided below:
Is this an update or a replacement?
Assuming the reference to a new identifier table is allowed, it is a
minor update
Has the original author been contacted?
He was previously; I've included him on this email as well.
Remove anchors from the abstract
Done
Should this document be specific to 1.3?
The current approach is 100% backwards compatible with RFC 6353 so
works with 1.2 and 1.3. It is impossible to know what changes will be made in
the future, but the changes that have been made should make it more likely to
work with future versions of TLS
RFC 6353 has already been updated by 8996 (i.e., prohibiting prior TLS versions)
Added a reference to RFC8996
We should not change the status of USM
Text removed
Verify all key words are marked
All key words have been capitalized and within the body of the document
(i.e., not the MIB) they are marked with <bcp14> tags
Need to discuss multi-version
No need to as there is no real change to the MIB (just referencing a
different table, but all of the objects stay the same)
Concerns about designating new objects with "13"
With adopted approach, there are no longer any new objects
Missing closing quote on CONTACT INFO
Corrected and checked MIB text with a validator
Update "Simplified BSD" to "Revised BSD"
Done
Detail changes in the MIB's revision clause
Done
I also corrected a couple of spelling errors
Regards,
Ken Vaughn
Trevilon LLC
6606 FM 1488 RD #148-503
Magnolia, TX 77354
+1-936-647-1910
+1-571-331-5670 cell
kvau...@trevilon.com
www.trevilon.com
> On Mar 5, 2022, at 7:28 PM, internet-dra...@ietf.org wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Operations and Management Area Working Group
> WG of the IETF.
>
> Title : Transport Layer Security Version 1.3 (TLS 1.3)
> Transport Model for the Simple Network Management Protocol Version 3 (SNMPv3)
> Author : Kenneth Vaughn
> Filename : draft-ietf-opsawg-tlstm-update-01.txt
> Pages : 33
> Date : 2022-03-05
>
> Abstract:
> This document updates the TLS Transport Model (TLSTM), as defined in
> RFC 6353 to support Transport Layer Security Version 1.3 (TLS) and
> Datagram Transport Layer Security Version 1.3 (DTLS), which are
> jointly known as "(D)TLS". This document may be applicable to future
> versions of SNMP and (D)TLS.
>
> This document updates the SNMP-TLS-TM-MIB as defined in RFC 6353.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-opsawg-tlstm-update/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-opsawg-tlstm-update-01.html
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tlstm-update-01
>
>
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg
>
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
