
RE: Review: IESG Agenda and Package for January 22, 2004 Telechat



We probably understand this in our community, hence the use of quotation marks. However, the issue that I was raising is related to the broad use of the term in the document under discussion. Taking that approach, a community string may be used the same way as a 'password' in a trivial authentication scheme.

Regards,

Dan



> -----Original Message-----
> From: Keith McCloghrie [mailto:kzm@cisco.com]
> Sent: 22 January, 2004 6:21 PM
> To: Romascanu, Dan (Dan)
> Cc: "Wijnen, Bert (Bert)"; "Mreview (E-mail)"; ops-area@ops.ietf.org
> Subject: Re: Review: IESG Agenda and Package for January 22, 2004 Telechat
> 
> 
> > 2. Use of term 'password'
> > 
> > This document takes a very odd approach for the use of the term 'password',
> > especially for a security document. It starts by claiming in Section
> > 1.8 that 'password' will be used in a very broad way, kind of an alias
> > for 'security token'. However, this is not consistently followed and
> > almost all other instances of 'password' in the document refer to the
> > good old interpretation that we all knew. On the other hand, other
> > types of 'passwords' like SNMP community strings get special treatment
> > in some sections.
> 
> SNMP community strings are not passwords.  A better analogy is that an
> SNMP community string is like a groupname to which multiple users
> belong.  RFC 1157 says:
> 
>    An SNMP message originated by an SNMP application entity that in fact
>    belongs to the SNMP community named by the community component of
>    said message is called an authentic SNMP message.  The set of rules
>    by which an SNMP message is identified as an authentic SNMP message
>    for a particular SNMP community is called an authentication scheme.
>    ...  Some SNMP implementations may wish to support only a trivial
>    authentication service that identifies all SNMP messages as
>    authentic SNMP messages.
> 
> So, with trivial authentication, the community string identifies a group
> of originators, and any message which correctly identifies the group is
> automatically authentic.
> 
> Keith.
>
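As an added illustration of the RFC 1157 trivial authentication scheme quoted above (example code written for this page, not taken from either message or from any SNMP implementation): it decodes the version and community from a constructed SNMPv1 GetRequest and attributes the message to a group of originators on the strength of the community alone. The sample packet, the community-to-group table and the function names are all constructed assumptions.

```python
# Constructed sample: SNMPv1 GetRequest for sysDescr.0 with community "public".
SAMPLE_MSG = bytes.fromhex(
    "3026"                              # SEQUENCE, 38 bytes follow
    "020100"                            # version INTEGER 0 = SNMPv1
    "04067075626c6963"                  # community OCTET STRING "public"
    "a019"                              # GetRequest-PDU, 25 bytes follow
    "020101" "020100" "020100"          # request-id, error-status, error-index
    "300e300c06082b060102010101000500"  # VarBindList: sysDescr.0 / NULL
)

# Hypothetical agent configuration: community -> group of originators.
# Several managers share one string, so the string names a group, not a user.
COMMUNITIES = {"public": "monitoring-readers", "s3cret-rw": "noc-writers"}


def _tlv(buf, pos):
    """Decode one short-form BER TLV; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form lengths not handled in this example")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def parse_community(msg):
    """Return (version, community) from the SNMPv1/v2c message header."""
    tag, body, _ = _tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, ver, pos = _tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version field")
    tag, community, _ = _tlv(body, pos)
    if tag != 0x04:
        raise ValueError("missing community field")
    return int.from_bytes(ver, "big"), community.decode("ascii", "replace")


def trivial_authenticate(msg, communities=COMMUNITIES):
    """RFC 1157 trivial authentication: the community alone decides.

    Returns the group the message is attributed to, or None. Note that
    nothing here identifies which member of the group sent the message,
    which is the point of the 'groupname, not password' analogy.
    """
    version, community = parse_community(msg)
    if version != 0:          # only SNMPv1 in this example
        return None
    return communities.get(community)
```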