
Re: Review: IESG Agenda and Package for January 22, 2004 Telechat



On Thu, 22 Jan 2004, Keith McCloghrie wrote:
> I'm sorry, but that is a second order effect, which is not part of the
> architecture.  Effectively, it's like a "secret society" which keeps
> its membership secret (i.e., the users which belong to it), and
> doesn't admit to its own existence.

Right.  You could count the community strings as being similar to a
"secret handsign".  Whoever produces the correct sign is assumed to
belong to the community: both implying belonging to a community, and
acting as a means to signal that belonging (i.e., as a password).
 
> Specifically, the SNMPv1 specification says that a message which claims
> to be from one of the users in the community (i.e., in the usergroup) is
> automatically authentic.  That is, the purpose of a community string is
> to identify, not to authenticate.

At the time when SNMPv1 was specified, people probably thought that
there was no need to authenticate, so the text becomes confusing to a
reader of the modern era :-).

> A common scenario for SNMPv1/v2c agent configuration is to define a
> read community string and a read-write community string.  How many
> systems do you know where a single user has two passwords and gets
> different access privileges based on what password that user logs in
> with?

Many users actually have separate accounts to do separate tasks.  You
could log in as root (or perform additional authentication to do the
equivalent) or as your username :-).

> RFC 3584 contains the SNMP-COMMUNITY-MIB, which defines snmpCommunityTable
> to list the "community strings configured in the SNMP engine's Local
> Configuration Datastore" and each row provides "information about a
> particular community string".  Please note that the information in the
> table includes an SNMPv3 user name, and an SNMPv3 context.  If
> community strings were passwords, why would you map them to SNMPv3 user
> names?

I know little about SNMPv3, but if I understand correctly, this seems
obvious.  As community strings act as authorization, and
identification (on the assumption that anyone who knows the string
belongs to a "secret society", like the above example), an SNMPv3 user
which has been authenticated (and at the same time, identified) can be
mapped directly to belong to a community -- instead of being a secret
society, it's a society of well-known membership.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
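The two steps the thread argues about, community-string lookup and the resulting access decision, as an added illustration that is not part of the original discussion or of any SNMP implementation. It models a few columns of the RFC 3584 snmpCommunityTable; the row contents, the securityName values and the access policy are constructed for the example.

```python
"""Model of how an SNMPv1/v2c agent treats a community string (constructed example).

Step 1 uses the community string purely as an identifier: it is matched against
snmpCommunityName and yields a securityName and contextName, exactly as the
RFC 3584 mapping described in the thread.  Nothing else about the sender is
verified, which is why the spec says the message is "automatically authentic".
Step 2 decides access from the mapped securityName, so "public" and "private"
behave like two separate accounts rather than two passwords for one user.
"""
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class CommunityRow:
    # Selected columns of snmpCommunityTable (RFC 3584, SNMP-COMMUNITY-MIB).
    snmpCommunityName: bytes
    snmpCommunitySecurityName: str
    snmpCommunityContextName: str = ""


# Constructed agent configuration: the classic read / read-write pair.
COMMUNITY_TABLE = (
    CommunityRow(b"public", "ro-user"),
    CommunityRow(b"private", "rw-user"),
)

# Constructed VACM-style policy keyed by securityName (names are assumptions).
ACCESS = {
    "ro-user": frozenset({"get"}),
    "rw-user": frozenset({"get", "set"}),
}


def resolve_community(community: bytes) -> Optional[CommunityRow]:
    """Identification step: find the row whose snmpCommunityName matches.

    The only check performed is string equality (done in constant time here
    so a defender's implementation does not leak the length of a match).
    """
    for row in COMMUNITY_TABLE:
        if hmac.compare_digest(row.snmpCommunityName, community):
            return row
    return None


def authorize(community: bytes, operation: str) -> Tuple[bool, Optional[str]]:
    """Access step: map community -> securityName -> allowed operations."""
    row = resolve_community(community)
    if row is None:
        return False, None  # unknown community: no identity, so no access
    allowed = ACCESS.get(row.snmpCommunitySecurityName, frozenset())
    return operation in allowed, row.snmpCommunitySecurityName
```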