Re: Review: IESG Agenda and Package for January 22, 2004 Telechat

[Pekka Savola <pekkas@netcore.fi>]

On Thu, 22 Jan 2004, Keith McCloghrie wrote:
> But, I can't agree that commuinity string is close to the more technical
> definition of a password where each user has a different password, and
> knowing the password serves to authenticate you as that user.  In this
> technical sense, a community string is closer to a username.  If you
> had "realized that they are just" usernames, would that similarly
> have triggered the understanding ??
> 
> So, my assertion is that describing an SNMP community string as a
> password is only OK if the document in question is aimed at a
> non-technical audience.

You don't assume usernames are confidential.  However, you do assume 
the passwords are.  Community strings are supposed to be confidential 
(except when explicitly deciding they should be public knowledge).  
Therefore community strings act like passwords, authenticating a user 
or a group of users.

my 2 cents..

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings