Hi, thank you very much for your suggestions. The way of notification is the same as SNMP, which is implemented by Trap.

Our security considerations are as follows: There are three solutions to the security problem in SNMP Usage for RELOAD. The first option is a shared-key-based solution, which is the SNMPv3 security solution (USM). The second option is a PKI-based security solution, which is to use the certificate of RELOAD to authenticate and encrypt the SNMP messages. The third option is a DTLS-based security solution, which uses the secure DTLS links to transfer the SNMP message. The second and third options aren’t supported by current SNMP managers and agents, and need large changes. So we recommend the first option. But it’s difficult to securely distribute the keys to large numbers of agents in the SNMP security solution. In this document, we distribute the key to each agent by the certificate mechanism of RELOAD.

*************************************************
Email: [email protected]
Internal line: 81543
External line: 025-52871543
Mobile: 13776637274
Fax: 025-52872187
*************************************************

"Randy Presuhn" <[email protected]>
Sent by: [email protected]
2011-06-10 01:16

To: <[email protected]>
Cc:
Subject: Re: [OPSAWG] We have submitted a drafts on SNMP usages for P2P networks. We would like to get some suggestions from SNMP experts on the scenario and design for P2P network management. The link to the draft is in the body of this email. thanks!

Hi -

> From: <[email protected]>
> To: <[email protected]>
> Cc: <[email protected]>
> Sent: Wednesday, June 08, 2011 8:43 PM
> Subject: [OPSAWG] We have submitted a drafts on SNMP usages for P2P networks. We would like to get some suggestions from SNMP experts on the scenario and design for P2P network management. The link to the draft is in the body of this email. thanks!
>
> http://tools.ietf.org/id/draft-peng-p2psip-snmp-01.txt
...

Skimming the draft, it was unclear to me how a few details would work in this approach.

I think it would be helpful to explicitly talk about
(1) how notifications are intended to work
(2) key provisioning (indeed, provisioning in general)
(3) what security model is in use

I *think* it might be helpful to treat this as a new transport model, but you'll need to think through just how authentication and privacy are to be handled (e.g., is it just USM atop RELOAD, or does RELOAD provide the security services?). This decision may interact with how, for example, notification and Disman targets are configured. In particular, consider whether you need to support the case where only *some* of the SNMP interactions between two systems are carried via RELOAD.

Randy

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
