[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Review of Management Authorization -00 document
> OK. You might say "HTTP/HTML" or something like that.
If that's more clear, then sure. I though web-based management was pretty
> I thought you need to specify what "default" means for each
> Framed-Management entry.
Oh. That could easily be done, for ease of reference, although it is
normatively defined in other documents.
> Is it possible to specify SNMP over TCP? TCP is not on the list of
No. The enumerated values of the Management-Transport-Protocol attribute
are intended to describe the _secure_ transport (e.g. TLS), that sits on top
of the transport (e.g. TCP). Why would it be valuable to be able to specify
Should we have a better name for things like SSH and TLS than "secure
transport"? Does that cause confusion with "classic" transports?
> Personally, I prefer that they not be. But without specifying exactly
> what is meant, it's not clear what "TLS" means. For example, you might
> say "TLS with server-side authentication".
One might say that. Is it important to know how the TLS session keys were
derived or just that a TLS session is being used to protect the management
I see this as supporting a high-level policy that system administrators use
protected methods of managing the NAS, as opposed to unprotected methods.
Do we need to go deeper than that?
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.