[Isms] review of draft-nelson-radius-management-authorization-04

"David Harrington" <ietfdbh@comcast.net> Sat, 17 March 2007 20:56 UTC


Hi,

I support this proposal. I think it would benefit from an introduction
that discusses "named policy" access controls before the discussion of
the RADIUS attributes to support "named policies".

Abstract
s/Aauthentication/Authentication/

1.
"The document uses terminology from RFC2865 ..." Identify the titles of
these RFCs.

3.
It is unclear to me why the management-policy-id is for framed
management only. Why not also for non-framed protocols?

4.
s/is by means outside/is outside/
then add a sentence pointing out examples of policy-specification
mechanisms that could be applied, including MIBs, PIBs, XML
configuration model, local configuration files, etc.

5.
This section seems incomplete.
s/this attributes/this attribute/

"one new attribute" - but doesn't this section introduce a second new
attribute?

6.1
"left to right" would this be network-order?
"one new value" aren't there two?

7.1
s/SNMP v3/SNMPv3/
Can this be used to specify SNMPv1 and SNMPv2c? We are not
recommending their use, only acknowledging their presence in real
networks, and discussing how to apply policies to them.

9.
proxy needs to be identified as RADIUS and/or Diameter proxy to
distinguish it from SNMP proxy.

Note that the SNMP proxy-forwarder application never opens the PDU and
does not apply any access control based on the PDU contents.

11.
I find the combination of "framed management protocol" and
"non-framed-management-security" a bit odd.

David Harrington
dharrington@huawei.com
dbharrington@comcast.net
ietfdbh@comcast.net