RE: IPSEC MIBs?

Stephen Waters <Stephen.Waters@digital.com> Thu, 28 May 1998 08:04 UTC

Message-ID: <250F9C8DEB9ED011A14D08002BE4F64C01959171@wade.reo.dec.com>
From: Stephen Waters <Stephen.Waters@digital.com>
To: Ran Atkinson <rja@inet.org>
Cc: ipsec@tis.com
Subject: RE: IPSEC MIBs?
Date: Thu, 28 May 1998 09:15:46 +0100

There is nothing to prevent IPSEC being used to protect the SNMP
management stream, I take it?
Steve.

Stephen Waters
DEVON, UK

National: 01548 551012 / 550474
International: 44 1548 551012 / 550474
Stephen.Waters@Digital.com 


-----Original Message-----
From:	Ran Atkinson [SMTP:rja@inet.org]
Sent:	Thursday, May 28, 1998 3:11 AM
To:	Stephen Waters
Subject:	Re: IPSEC MIBs? 


Doing a useful MIB for IPsec would tend to reduce the
security of an IPsec implementation to the min(IPsec security,
SNMP security).  The latter (SNMP Security) is generally
accepted to be weaker (especially pre-SNMPv3, but even
with SNMPv3 in place).  

I'd suggest that weakening the security of an implementation
of a security protocol is probably not a good global optimisation.

Ran