Re: [Isms] IsmsQuestions on TLSTM/TSM and RFC 5343
"t.petch" <ietfc@btconnect.com> Mon, 24 January 2011 15:13 UTC
Return-Path: <ietfc@btconnect.com>
X-Original-To: isms@core3.amsl.com
Delivered-To: isms@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BA8053A68F9 for <isms@core3.amsl.com>; Mon, 24 Jan 2011 07:13:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.335
X-Spam-Level:
X-Spam-Status: No, score=-2.335 tagged_above=-999 required=5 tests=[AWL=0.264, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r7DiRV-zuZEH for <isms@core3.amsl.com>; Mon, 24 Jan 2011 07:13:17 -0800 (PST)
Received: from mail.btconnect.com (c2beaomr08.btconnect.com [213.123.26.186]) by core3.amsl.com (Postfix) with ESMTP id 7E0E33A68E6 for <isms@ietf.org>; Mon, 24 Jan 2011 07:13:15 -0800 (PST)
Received: from host86-134-204-119.range86-134.btcentralplus.com (HELO pc6) ([86.134.204.119]) by c2beaomr08.btconnect.com with SMTP id BKZ12785; Mon, 24 Jan 2011 15:16:05 +0000 (GMT)
Message-ID: <00c801cbbbd0$bbb23080$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: Frank Fock <fock@agentpp.com>, Wes Hardaker <wjhns1@hardakers.net>
References: <4D32C788.5060604@agentpp.com> <sdvd1mvybg.fsf@wjh.hardakers.net> <4D3C6451.7020000@agentpp.com>
Date: Mon, 24 Jan 2011 15:12:24 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mirapoint-IP-Reputation: reputation=Fair-1, source=Queried, refid=tid=0001.0A0B0301.4D3D97B4.017C, actions=tag
X-Junkmail-Status: score=10/50, host=c2beaomr08.btconnect.com
X-Junkmail-Signature-Raw: score=unknown, refid=str=0001.0A0B0208.4D3D97B5.021F, ss=1, fgs=0, ip=0.0.0.0, so=2010-07-22 22:03:31, dmn=2009-09-10 00:05:08, mode=single engine
X-Junkmail-IWF: false
Cc: isms@ietf.org
Subject: Re: [Isms] IsmsQuestions on TLSTM/TSM and RFC 5343
X-BeenThere: isms@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mailing list for the ISMS working group <isms.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/isms>
List-Post: <mailto:isms@ietf.org>
List-Help: <mailto:isms-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jan 2011 15:13:18 -0000
----- Original Message ----- From: "Frank Fock" <fock@agentpp.com> To: "Wes Hardaker" <wjhns1@hardakers.net> Cc: <isms@ietf.org> Sent: Sunday, January 23, 2011 6:24 PM > Hi Wes, > > Thanks for your reply (and also those of Tom > and Juergen). > > I understand that RFC 5343 solves the > contextEngineID discovery problem, but > within the last 10 years with SNMPv3 > I learned, that most SNMPv3 users do not > understand the authoritative and context engine > ID concepts. > > There are also a couple of companies > creating SNMPv3 devices with identical > authoritative engine ID for all instances > of their device. We API developers are then > asked to work around these problems :-( That surprises me (and sounds like a potential disaster). To quote RFC3411 " Within an administrative domain, an snmpEngineID is the unique and unambiguous identifier of an SNMP engine. Since there is a one-to- one association between SNMP engines and SNMP entities, it also uniquely and unambiguously identifies the SNMP entity within that administrative domain. Note that it is possible for SNMP entities in different administrative domains to have the same value for snmpEngineID. Federation of administrative domains may necessitate assignment of new values." which seems clear, unless the concept of an engine is unclear. On the other hand, it is much easier to burn the same identifier into everything, rather than using a MAC address type approach and make each device unique. Perhaps we ask too much of those making devices. Tom Petch > > That's why I thought about simplifying > the SNMPv3 and making the discovery of > a contextEngineID unnecessary if not > required by the command generator. > > Nevertheless, I agree that using a single > magic contextEngineID for the local context, > would interfere with proxy applications, > for example. > > I will now first finish my implementation > and then make a complete report and analysis > of the result. This will also include using > contextEngineId discovery with USM. > > Best regards, > Frank > > > _______________________________________________ > Isms mailing list > Isms@ietf.org > https://www.ietf.org/mailman/listinfo/isms
- Re: [Isms] Questions on TLSTM/TSM and RFC 5343 t.petch
- [Isms] Questions on TLSTM/TSM and RFC 5343 Frank Fock
- Re: [Isms] IsmsQuestions on TLSTM/TSM and RFC 5343 Wes Hardaker
- Re: [Isms] Questions on TLSTM/TSM and RFC 5343 Juergen Schoenwaelder
- Re: [Isms] IsmsQuestions on TLSTM/TSM and RFC 5343 Frank Fock
- Re: [Isms] IsmsQuestions on TLSTM/TSM and RFC 5343 Wes Hardaker
- Re: [Isms] IsmsQuestions on TLSTM/TSM and RFC 5343 t.petch
- Re: [Isms] IsmsQuestions on TLSTM/TSM and RFC 5343 David Harrington
- Re: [Isms] IsmsQuestions on TLSTM/TSM and RFC 5343 Frank Fock