
Re: Review: IESG Agenda and Package for January 22, 2004 Telechat



On Thu, Jan 22, 2004 at 08:21:26AM -0800, Keith McCloghrie wrote:
 
> SNMP community strings are not passwords.  A better analogy is that a
> SNMP community string is like a groupname to which multiple users
> belong.  RFC 1157 says:
> 
>    An SNMP message originated by an SNMP application entity that in fact
>    belongs to the SNMP community named by the community component of
>    said message is called an authentic SNMP message.  The set of rules
>    by which an SNMP message is identified as an authentic SNMP message
>    for a particular SNMP community is called an authentication scheme.
>    ...  Some SNMP implementations may wish to support only a trivial
>    authentication service that identifies all SNMP messages as
>    authentic SNMP messages.
> 
> So, with trivial authentication, the community string identifies a group
> of originators, and any message which correctly identifies the group is
> automatically authentic.

The quoted text talks several times about "authentication" of SNMP
messages. For most people, a string that is used to "authenticate"
a message is considered to be a password, regardless of whether this
string is to be shared by a group or not.

BTW, when I read RFC 1157 for the first time many years ago, the concept
of communities was the most puzzling thing for me to understand. It
took some time until I realized that these are just passwords. ;-)

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany