
RE: [Isms] Summary of Authorize Only issue



David Harrington writes...

> We separated the security and transport mappings from the message
> format in the RFC3411 architecture; SNMPv3 refers to a message format.

It also implies the only version with any real security.

> Please do not bind these concepts unnecessarily in your RADIUS
> proposal.

I think we can simplify the naming, as Dan suggests, and refer to SNMP
over SSH.  We can add a statement in the security considerations section
that strongly recommends use only with SNMP versions that have real
security, i.e. v3 (and higher).

> I can envision an SNMPv4 message processing model that uses an XML
> message encoding to improve compatibility with netconf and with data
> models from other SDOs.

Good luck with that!  :-)  

> I do not see a technical engineering reason to limit the RADIUS
> authorization to SNMPv3 over SSH, as compared to SNMP over SSH.

Right, but I think it might be fodder for the security considerations
section.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>