Before I go and check the details... [...] TLSTMv1.3 MUST only be used with (D)TLS version 1.2 and later.
What does this MUST tell me? There is no definition of TLSTMv1.3 nor do we version MIB modules. I understand the intention of the statement but we need to be more careful about the wording. And what about this: [...] In addition, a new entry MUST be added to the SNMP-TLSTM HashAlgorithm Registry every time a new hash algorithm is approved for any version of TLS or DTLS. Why would that be a MUST? The SnmpTLSFingerprint is used by the MIB module to hash certificates and as such this hashing has nothing to do with any TLS internal use of hash algorithms. The reuse of the TLS hash registry back then was a matter of convenience, not a matter of having a strong binding to the TLS internal usage of hash algorithms. /js On Thu, May 05, 2022 at 10:09:45AM -0500, Kenneth Vaughn wrote: > I have uploaded a new version of the "Updates to the TLS Transport Model for > SNMP". This version includes the following changes: > Changed the name of the registry to the SNMP-TLSTM registry > Updated reference to DTLS 1.3 to reflect the publication of RFC 9147 > Clarified the first paragraph of Conventions to indicate that references to > TLS, DTLS, (D)TLS, and TLSTM are version neutral except where specific > versions need to be cited. > Changed "SNMPv3" to "SNMP" in several locations where the specific version > reference was unnecessary with our convention statement > Indicated that Additional Rules for TLS 1.3 "may additionally apply to future > versions of TLS" > The document has been through several review cycles and has also been vetted > by the TLS WG. At this point, changes are primarily editorial and I believe > it is stable enough to proceed to the next step of the approval process. > > Regards, > Ken Vaughn > > Trevilon LLC > 6606 FM 1488 RD #148-503 > Magnolia, TX 77354 > +1-936-647-1910 > +1-571-331-5670 cell > kvau...@trevilon.com > www.trevilon.com > > > On May 5, 2022, at 10:07 AM, internet-dra...@ietf.org wrote: > > > > > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. > > This draft is a work item of the Operations and Management Area Working > > Group WG of the IETF. > > > > Title : Updates to the TLS Transport Model for SNMP > > Author : Kenneth Vaughn > > Filename : draft-ietf-opsawg-tlstm-update-03.txt > > Pages : 30 > > Date : 2022-05-05 > > > > Abstract: > > This document updates the TLS Transport Model (TLSTM), as defined in > > RFC 6353, to reflect changes necessary to support Transport Layer > > Security Version 1.3 (TLS 1.3) and Datagram Transport Layer Security > > Version 1.3 (DTLS 1.3), which are jointly known as "(D)TLS 1.3". > > This document is compatible with (D)TLS 1.2 and is intended to be > > compatible with future versions of SNMP and (D)TLS. > > > > This document updates the SNMP-TLS-TM-MIB as defined in RFC 6353. > > > > > > The IETF datatracker status page for this draft is: > > https://datatracker.ietf.org/doc/draft-ietf-opsawg-tlstm-update/ > > > > There is also an HTML version available at: > > https://www.ietf.org/archive/id/draft-ietf-opsawg-tlstm-update-03.html > > > > A diff from the previous version is available at: > > https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tlstm-update-03 > > > > > > Internet-Drafts are also available by rsync at > > rsync.ietf.org::internet-drafts > > > > > > _______________________________________________ > > OPSAWG mailing list > > OPSAWG@ietf.org > > https://www.ietf.org/mailman/listinfo/opsawg > > > > _______________________________________________ > OPSAWG mailing list > OPSAWG@ietf.org > https://www.ietf.org/mailman/listinfo/opsawg -- Jürgen Schönwälder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <https://www.jacobs-university.de/> _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
