
Re: The RADIUS attribute space: an assessment



On Wed, Jun 28, 2006 at 07:44:59PM -0700, Glen Zorn (gwz) wrote:
 
> A perfect example of this is the current nonsense going on in the
> isms WG, in which you are involved I believe.  Even w/i the "ivory
> tower", neither the IESG (nor you) are willing to give any guidance
> as to the appropriate use of AAA protocols _for new work_: nobody
> has deployed isms, it's not even close to being done, but they are
> using RADIUS (or trying to break it) & AFAIK no one but me has ever
> mentioned that Diameter fulfills their AAA needs perfectly.

ISMS is there with a simple goal - make SNMP security happen by
reusing and integrating with what is already out there.

I do not have a diameter server, I do not have diameter PAM libraries,
the switches and routers I have do not talk diameter. This is the
reality we are facing and trying to work with. And operators also seem
to rely much more on radius than anything else.

We have a secure version of SNMP which is full standard but not as
widely deployed as it should be. The SNMP community has gone through
all the discussions you are having here before and we learned in the
process that simply declaring something a standard does have close to
zero impact when it comes to deployment.

/js

PS: In the SNMPv3 case, we have several open implementations and
    newer devices also support it but still it is not being used - so
    an open implementation is in my view necessary but not a sufficient
    step for success.

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany
