[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: review of NAS-MManagement-authroization

To: <radiusext@ops.ietf.org>
Subject: FW: review of NAS-MManagement-authroization
From: "David B. Nelson" <dnelson@elbrysnetworks.com>
Date: Wed, 17 Oct 2007 12:57:43 -0400
Cc: "'David Harrington'" <ietfdbh@comcast.net>
Organization: Elbrys Networks, Inc.

> -----Original Message-----
> From: David Harrington [mailto:ietfdbh@comcast.net]
> Sent: Wednesday, October 17, 2007 1:29 AM
> To: 'David B. Nelson'
> Cc: radext@ietf.org
> Subject: review of NAS-MManagement-authroization
> 
> Hi,
> 
> I'm not sure of the radext ML address. Please forward to radext if it
> isn't radext@ietf.org
> 
> Overall this document looks good. I strongly support its development.
> A few comments:
> 
> section 3.
> Should netconf be included in the list of framed-protocols?
> 
> The second paragraph feels a bit rambling.
> 
> section 4.
> "contain the name of a management access rights policy"
> "containing policy name"
> can this be more than one policy name?
> 
> section 5
> Is Transport-Protocool really only valid for the CLI?
> Should it be named CLI-Transport-Protocol to help make that
> unambiguous?
> The examples in section 8 show it applies to more than just CLI.
> 
> section 7.1
> I have not yet walked through the various combinations of SNMP
> components (message formats vs transports).
> I think SNMP-Transport-Model only covers a small set of possibilities.
> More research is needed on this.
> 
> section 7.2
> Should this be named MManagement-Transport-Protocol to differentiate
> it from other service-related parameters?
> /managemetn/management/
> 
> While we definitely want this with SSH and TLS, is there a case for
> having this with SNMPv1/UDP and other non-secure transports?
> 
> section 7.3
> SNMP does not support sessions, although the transport over which SNMP
> runs may have sessions.
> Does the term session here refer to an SNMP session? If so, that is a
> problem.
> 
> /NAS SHOULD treat the packet/NAS MUST treat the packet/? Under what
> circumstances would it be acceptable to not reject?
> 
> "It is recommended" to use UTF-8. Should UTF-8 support be mandatory to
> implement?
> 
> section 9
> "what this specification says" and "what is said" seem quaint ways of
> describing this. Would it be better to specify the sections where
> things are said, or is this language a common approach for
> RADIUS-Diameter coordination?
> 
> section 10
> /proxy environments/RADIUS proxy environments/ to differentiate this
> from SNMP proxy environments.
> 
> section 13
> "within local area networks" - I'm not sure this can be justified.
> Many protocols originally designed for use only within local araea
> networks actually get used over the Internet. Do we actually have any
> mechanism to prevent this from happening, or is it just recommended
> that it be restricted to use in a LAN?
> 
> I think the last paragraph should include a statement at the end,
> recommending that management protocols should support data access
> controls to prevent the disclosure of inofrmation to help prevent
> unauthorized management access.
> 
> Throughout
> There are mentions of VACM. These should be couched as examples, since
> SNMP can theoretically support multiple ACMs.
> 
> David Harrington
> dbharrington@comcast.net
> ietfdbh@comcast.net
> 



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Re: Guidelines suggested text for checklist:
Next by Date: FW: DISCUSS and COMMENT: draft-ietf-radext-rfc3576bis
Previous by thread: RFC3580 Clarification / Tunnel-Medium-Type / Clarification
Next by thread: FW: DISCUSS and COMMENT: draft-ietf-radext-rfc3576bis
Index(es):
- Date
- Thread