RE: Review of Management Authorization -00 document

["David B. Nelson" <d.b.nelson@comcast.net>]

Bernard Aboba writes...

> > 1      SNMP
> > 2      Web-based
> > 3      NETCONF
> > 4      FTP
> > 5      TFTP
> > 6      CP
> 
> What does Web-based mean?  Is it something other than HTTP?

No, but HTTP can be used for other things that a web page (HTML), for
example NETCONF (XML) over HTTP.  This was to distinguish "classic"
web-based management interfaces from other things that might use the HTTP
transport.

> > 1      Default
> > 2      SSH
> > 3      TLS
> > 4      DTLS
> > 5      BEEP
> > 6      SOAP
> 
> What does default mean?  Insecure transport (e.g. TCP/UDP)?

It might mean that, assuming that the standard transport used is one of
those.  For example, for web-based management (HTML over HTTP) the default
transport is TCP.

> Does SNMP over Default mean SNMP over UDP or TCP?

The default transport for SNMP is UDP.

> With respect to TLS/DTLS, what mode is intended?  Mutual auth with certs?
> Server-only auth?  TLS-PSK?

This document doesn't go into that level of NAS configuration detail.  Do
you think those parameters ought to be provisioned via RADIUS attributes?




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>