Minutes of the Telnet TN3270E Enhancements (tn3270e) Working Group

Reported by: Ed Bailey

I. Summary:

The tn3270e Enhancements Working Group conducted two 1-hour sessions on Tuesday 8/12/97 at 3:45 p.m. and 5:00 p.m. with approximately 12 people in attendance.

The 3:45pm session opened with a brief discussion of the charter, activity on the listsrv, and use of the IETF web pages. The results of the most recent interoperability testing held in May at Cisco Systems were reviewed along with WG plans for the next interoperability testing. The submission of the tn3270e Internet Draft to the IESG for Draft status was proposed with no objections. Then, discussion proceeded to the activities currently underway on the use of TLS and IPSEC for security for the remainder of the first session.

The 5:00pm session was devoted to the review of the Internet drafts for tn3270e management and Response Time MIBs. A number of suggested changes were identified which will be added to the drafts and reposted as updates on the listsrv.

II. Detail (first hour session):

The charter will be updated to reflect the progress of the working group. In particular, the update will address the rewrite of rfc1647 into the tn3270e internet draft, its last call in the working group and submission to the IESG for draft status. Based upon the second interoperability testing, which included 11 organizations representing an array of client and server implementations, the working group is confident that consistent interpretations are possible with the latest internet draft and is ready for draft status. The WG Chair will work with the Area Directors on the IESG submission.

The next interoperability testing is planned for October, 1997. The exact date and location will be posted on the list in the following weeks after Munich. More emphasis on printing and tn5250 is anticipated.

A number of enhancements are being discussed in the working group (see minutes of Memphis 97). In particular, security and network management are at the forefront.

Demand for tn3270 security is high. SSL3 has no reference spec yet TLS and IPSEC may not be ready soon enough for us. In light of current IETF activities on TLS and IPSEC, the working group will implement security negotiations based upon TLS with the ability to "fall back" to SSL3.0, which should suffice initially. Most new implementations will be on SSL3.1 (TLS). General deployment of SSL3.0 in corporate networks will pressure implementations to use it for tn3270 as well. The WG decided to separate the base telnet security need into a separate document. Michael Boe will be publishing this document.

Some of the other comments and observations are as follows. There are existing challenge/response mechanisms in place for most of the tn3270/tn5250 applications. Encryption is used to protect passwords from flowing in the clear, but it has too high an overhead to encrypt all the traffic. More discussion on the list is needed to address the use of encryption and certificates.

III. Detail (second hour session):

Network management of tn3270 sessions requires certain instrumentation in the client and server to allow for setting and getting certain relevant performance and configuration information. The tn3270e base mib and the tn3270e rt mib are intended to specify the minimum instrumentation for managing tn3270e connections. Although fairly complete, review of these two draft documents led to a number of changes to enhance the implementation and understanding of the information. A revision will be made and posted on the list for review in the next 30 days following Munich. Most changes evolved the use of the ipaddr and port numbers for better granularity, additional information in base, and positioning with the application mib. The revised drafts will identify the individual changes.
Some additional comments included ipv6 naming, use of timingmarks, and consistency with SNAMS response time management. An informational rfc will be produced to note the rationale for the mib variables and how they can be used.