Integrated Security Module for SNMP BOF (isms) Friday, August 6 at 0900-1130 ============================= CHAIRS: Wes Hardaker David Perkins AGENDA: Agenda Bashing 5 min Introduction to the problem space 10 min Charter Discussion 30 min Solution potentials: draft-kaushik-snmp-external-usm 10 min draft-hornstein-snmpv3-ksm 10 min draft-hardaker-snmp-session-sm 10 min Discussion Any remaining time DESCRIPTION: Version 3 of the Simple Network Management Protocol (SNMPv3) was completed recently and added security to the previous versions of the protocol. Although the enhanced protocol was secure, operators and administrators found that deploying it could be problematic in large distributions. This was due primarily to the addition of yet another authentication synchronization requirement across all networking devices. Most of these devices already contained local accounts and/or the ability to negotiate with authentication servers (e.g. RADIUS servers). However, SNMPv3 did not make use of these authentication mechanisms, and this caused additional synchronization burdens. The desire for a solution to this problem is well known among both IETF participants and Network Operators (an online survey was conducted and advertised to the NANOG community to be certain that this problem needed to be addressed in operational environments). There are already multiple solutions being proposed in internet-drafts. The primary goal for this BOF is to define a potential charter should the working group be created. The rest of the time will be allocated to discussing the problem and the proposed solutions.