RE: Reply to review comments from Pekka Savola (1 of ?)
Hi,
> > 04> See [RFC3631] for a current list of mechanisms that can be used
> > 04> to support secure management.
>
> The problem with the above statement is that RFC3631 lists "security
> primitives" (in a way) which different protocols-to-be-secured could
> use to achieve the security properties. This might lead to a
> disconnect which you're probably referring to. How do we get from the
> list of "ways to add security in a system in general" to "secure
> protocols" ?
I will point out that SNMPv3 isn't mentioned in RFC3631, and SNMPv3 is a
full standard for secure Internet network management. SNMPv3 uses some
of the primitives identified in RFC3631 to provide the security. SNMPv3
was designed to be able to change which primitives are used, so new
primitives can be used as they become available, and stronger (or
weaker) primitives can be used that best meet deployment requirements.
I think "See [RFC3631] for a current list of mechanisms that can be used
to support secure management." is not helpful. As Jeff Schiller used to
say, "just use IPSec" isn't enough; you need to describe how it will
interact with other protocols to provide a secure environment.
Dbh