RE: [Isms] Summary of Authorize Only issue
David Harrington writes...
> We separated the security and transport mappings from the message
> format in the RFC3411 architecture; SNMPv3 refers to a message format.
It also implies the only version with any real security.
> Please do not bind these concepts unnecessarily in your RADIUS
> proposal.
I think we can simplify the naming, as Dan suggests, and refer to SNMP
over SSH. We can add a statement in the security considerations section
that strongly recommends use only with SNMP versions that have real
security, i.e. v3 (and higher).
> I can envision an SNMPv4 message processing model that uses an XML
> message encoding to improve compatibility with netconf and with data
> models from other SDOs.
Good luck with that! :-)
> I do not see a technical engineering reason to limit the RADIUS
> authorization to SNMPv3 over SSH, as compared to SNMP over SSH.
Right, but I think it might be fodder for the security considerations
section.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>