[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Review: IESG Agenda and Package for January 22, 2004 Telechat

To: j.schoenwaelder@iu-bremen.de, "\"Romascanu, Dan (Dan)\"" <dromasca@avaya.com>
Subject: RE: Review: IESG Agenda and Package for January 22, 2004 Telechat
From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
Date: Mon, 26 Jan 2004 00:14:49 +0100
Cc: "\"Mreview (E-mail)\"" <mreview@ops.ietf.org>, ops-area@ops.ietf.org, Keith McCloghrie <kzm@cisco.com>

Thanks for the reviews.
I have put them into the ID-tracker.

Thanks,
Bert 

> -----Original Message-----
> From: Juergen Schoenwaelder [mailto:j.schoenwaelder@iu-bremen.de]
> Sent: donderdag 22 januari 2004 17:51
> To: Keith McCloghrie
> Cc: "Romascanu, Dan (Dan)"; "Wijnen, Bert (Bert)"; "Mreview (E-mail)";
> ops-area@ops.ietf.org
> Subject: Re: Review: IESG Agenda and Package for January 22, 2004
> Telechat
> 
> 
> On Thu, Jan 22, 2004 at 08:21:26AM -0800, Keith McCloghrie wrote:
>  
> > SNMP community strings are not passwords.  A better analogy 
> is that a
> > SNMP community string is like a groupname to which multiple users
> > belong.  RFC 1157 says:
> > 
> >    An SNMP message originated by an SNMP application entity 
> that in fact
> >    belongs to the SNMP community named by the community component of
> >    said message is called an authentic SNMP message.  The 
> set of rules
> >    by which an SNMP message is identified as an authentic 
> SNMP message
> >    for a particular SNMP community is called an 
> authentication scheme.
> >    ...  Some SNMP implementations may wish to support only a trivial
> >    authentication service that identifies all SNMP messages as
> >    authentic SNMP messages.
> > 
> > So, with trivial authentication, the community string 
> identifies a group
> > of originators, and any message which correctly identifies 
> the group is
> > automatically authentic.
> 
> The quoted text talks several times about "authentication" of SNMP 
> messages. For most people, a string that is used to "authenticate" 
> a message is considered to be a password, regardless whether this 
> string is to be shared by a group or not.
> 
> BTW, when I read the first time RFC 1157 many years ago, the concept
> of communities was the most puzzling thing for me to understand. It
> took some time until I realized that these are just passwords. ;-)
> 
> /js
> 
> -- 
> Juergen Schoenwaelder		    International University Bremen
> <http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 
> 28725 Bremen, Germany
>

Prev by Date: Re: Review: IESG Agenda and Package for January 22, 2004 Telechat
Next by Date: Updates to rfc2011, rfc2096 others
Previous by thread: RE: Review: IESG Agenda and Package for January 22, 2004 Telechat
Next by thread: Status of MIB review guidelines draft
Index(es):
- Date
- Thread