ATLANTA, GEORGIA, September 26, 1995 - Is SNMPv2 Really Dead? In a word, no. The factors driving demand for SNMPv2 - enhanced security, more efficient exchange of management data - loom larger now than ever before. The process of specifying, implementing, testing, and deploying these critically needed extensions to SNMP will continue at an accelerated pace during the next few months. However, there is a question as to when these efforts will again become a part of a chartered IETF Working Group.
There has been considerable confusion and uncertainty regarding the status and future of version 2 of the Internet-standard management framework based on the Simple Network Management Protocol (SNMPv2).
The purpose of this press release is to summarize and clarify the situation.
The Internet Engineering Task Force (IETF) rechartered the SNMPv2 Working Group in November 1994 to prepare recommendations regarding the advancement of SNMPv2 to Draft Standard status. Although work continued in the interim, the Working Group had officially been dormant since 1993 when it completed its charter with the publication of 12 documents specifying SNMPv2 which were declared to be Proposed Standards by the Internet Engineering Steering Group (IESG), the relevant standards-setting body.
In June 1995, the Working Group completed a ``tune-up'' of the documents after about eight months of effort, multiple meetings, considerable electronic mail discussions, and incorporation of many of the approximately 130 changes which were proposed for consideration.
However, two of the primary authors of SNMPv2 had nagging concerns about the results of the open process and proposed a complete rewrite of the security aspects and administrative framework. The IETF extended the deadline for completion by only about eight weeks to consider their proposal and any other counter-proposals brought forward by other members of the working group. Approximately 15 such proposals were submitted and discussed.
Partial Consensus Reached
Although the allotted time was unreasonably short to consider a complete rewrite, the Working Group was able to reach partial consensus by the deadline of September 15th. There was general agreement on 11 of the documents comprising SNMPv2, but the group was unable to reach consensus on the remaining documents. In particular, no concensus was reached on the security and administrative frameworks, the area of the design which was re-opened. The discussions in this area narrowed on two competing sets of specifications but the group was unable to come to closure in the short time which was allocated. As a result, an alternative administrative framework based on SNMPv1 with no security was recommended in order to salvage the investment in other aspects of SNMPv2.
At the deadline, the consensus of the Working Group was an agreement in principle to:
Shortly thereafter, (to the chagrin of many Working Group members) the IETF Area Director for Network Management informed the Working Group that it will be disbanded upon completion of the 11 documents. She stated that the Working Group will be restarted in the 4th quarter of 1996 in spite of the strong concensus of the Working Group to continue without delay. The Area Director also stated that independent work is expected to continue in the interim on the security and administrative framework aspects.
The Working Group is currently considering new drafts of the 11 documents to see if they adequately reflect the agreement in principle. By IETF rules, this process requires at least two weeks.
The next step, assuming agreement can be reached on the 11 drafts, is for a recommendation from the Working Group to the IESG to result in a "Last Call" for comments to be issued by the IESG, and the resolution of any comments resulting from the Last Call. The Last Call typically lasts for two weeks. The normal result is the pronouncement of a change in the standardization status, to be followed soon thereafter by the publication of the relevant documents as RFCs.
The internetworking industry abhors the vacuum resultig from the lack of secure and interoperable SNMPv2 products, and cannot tolerate delay. There is a critical need for SNMPv2 technologgy which incorporates security including authentication and privacy within an appropriate administrative framework which can be configured remotely.
While this mismatch between these internetworking industry requirements and the current Area Director's schedule creates a question as to when these efforts will again become a part of a chartered IETF Working Group, there is no question that work will continue to specify, implement, test, and deploy these critically needed features. The only question is when these efforts will become part of a chartered IETF Working Group. Work will begin before the 4th quarter of 1996.
When the 11 documents currently under consideration are published, a request will be filed for a new Working Group charter. As unbelieveable as it may sound, based on the Area Director's stated schedule, this request will almost certainly be denied.
However, the decision with regard to chartering a Working Group is the purview of the entire IESG, not an individual Area Director; hence, an appeal to that body may be successful. If a Working Group is chartered, efforts to build an industry-standard and IETF standard will continue in that venue.
If an IETF Working Group is not chartered in a timely fashion, the work to build a ``short-term interim standard'' in the industry will begin by those who have worked on the specifications to date and are interested in continuing without delay. The resulting specifications will be submitted for consideration as an IETF standard when the IETF is interested in chartering the work.
Ideally, the standard can be both an IETF standard and an industry standard. However, if only one is possible, it is preferable for it to be a well-accepted industry standard than to repeat the unhappy experience of having an IETF standard which is not accepted by the industry.
In either case, it is expected that representatives from multiple leading vendors in the SNMP industry will work together to define an appropriate specification. This is far preferable than each vendor implementing their own proprietary security mechanisms which would inevitably lead to interoperability problems.
This press release is accompanied by three collateral documents, two of which are reproductions of the original sources:
For further information about SNMPv2, contact SNMP Research, Incorporated, 3001 Kimberlin Heights Road, Knoxville, Tennessee, 37920. Telephone: +1 423 573-1434.
SNMP Research, Incorporated produces a family of network management products based on the Simple Network Management Protocol (SNMP) and other protocols including agent and network management station software for the computer and communications industries. SNMP Research's founder, Dr. Jeff Case, has long been a contributor in the area of SNMP as an author of many of the relevant sepcifications and has written a multitude of articles and papers on the topic. As a result of his efforts, SNMP Research is in a leadership position with respect to defining the standards and constructing implementations based on SNMP. SNMP Research's implementations of SNMP for management stations and agents form the basis for many of today's implementations.
(NOTE: The e-mail below has been reformatted, but is otherwise exactly what was sent to the SNMPv2 Working Group mailing list.)
From: Bob Stewart
For further information, contact SNMP Research International, Inc.
3001 Kimberlin Heights Road