Re: Reply to review comments from Pekka Savola (1 of ?)
On Wed, 25 Feb 2004, Pekka Savola wrote:
> > 04> Examples.
> > 04>
> > 04> See [RFC3631] for a current list of mechanisms that can be used
> > 04> to support secure management.
> > 04>
> > 04> Later sections list requirements for supporting in-band
> > 04> management (Section 2.2) and out-of-band management (Section
> > 04> 2.3) as well as trade-offs that must be weighed in considering
> > 04> which is appropriate to a given situation.
> >
> > I could leave it at that (easiest, citing well thought out and well
> > reviewed general advice) or revert to a table showing protocols
> > grouped by class (logging, time, routing) vs requirement
> > (confidentiality, integrity, etc.)
>
> The problem with the above statement is that RFC3631 lists "security
> primitives" (in a way) which different protocols-to-be-secured could
> use to achieve the security properties. This might lead to a
> disconnect which you're probably referring to. How do we get from the
> list of "ways to add security in a system in general" to "secure
> protocols" ?
Right. Options seem to be to leave it general or try to list specific
protocols for each mgt area noting the gaps (secure logging). More
thought needed. I'd be open to ideas.
> > Better ?
> >
> > 04> unless out-of-band management resources have reserved.</t>
>
> Yep. ("have been reserved" ?)
Fixed.
---George