IETF Logo Mail Archive

RE: [Isms] SSHSM RADIUS Integrationdraft(draft-narayan-isms-sshsm-radius-01.txt) submitted

"David B. Nelson" <d.b.nelson@comcast.net> Thu, 15 March 2007 12:22 UTC

Return-path: <isms-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HRoy4-0003kp-SJ; Thu, 15 Mar 2007 08:22:04 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HRoy3-0003kU-1R for isms@ietf.org; Thu, 15 Mar 2007 08:22:03 -0400
Received: from sccrmhc11.comcast.net ([204.127.200.81]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HRoy1-0003hZ-1B for isms@ietf.org; Thu, 15 Mar 2007 08:22:03 -0400
Received: from newton603 (c-24-61-11-96.hsd1.nh.comcast.net[24.61.11.96]) by comcast.net (sccrmhc11) with SMTP id <2007031512220001100ak649e>; Thu, 15 Mar 2007 12:22:00 +0000
From: "David B. Nelson" <d.b.nelson@comcast.net>
To: isms@ietf.org
References: <618694EF0B657246A4D55A97E38274C30325ECA6@xmb-sjc-22d.amer.cisco.com> <019701c76673$54139470$0600a8c0@china.huawei.com>
Subject: RE: [Isms] SSHSM RADIUS Integrationdraft(draft-narayan-isms-sshsm-radius-01.txt) submitted
Date: Thu, 15 Mar 2007 08:19:59 -0400
Message-ID: <001101c766fc$409fe180$6401a8c0@NEWTON603>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <019701c76673$54139470$0600a8c0@china.huawei.com>
Thread-Index: Acdmbc1EfazkBdlySeOyq4YZUbSbAwAAnfyAACLLchA=
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22
Cc:
X-BeenThere: isms@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Mailing list for the ISMS working group <isms.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/isms>
List-Post: <mailto:isms@lists.ietf.org>
List-Help: <mailto:isms-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=subscribe>
Errors-To: isms-bounces@lists.ietf.org

David Harrington writes... 

> Currently, we do not pass the tmStateReference into the 
> IsAccessAllowed ASI. I don't think we even pass it to the 
> applications, and the applications call IsAccessAllowed, 
> so you may be talking about changing a few ASIs.

The modularity of the current SNMP architecture seems to be predicated upon
the notion that passing around securityName is all that is ever needed.
That seems to be predicated on the notion that there is a local
configuration store that contains useful information addressed by
securityName.  That seems to imply USM or something very much like it.  If
we really want to break the ties to USM, we're going to need to address this
issue.

> Another way to approach the problem would be to use a MIB
> to store the transport&security information in a local 
> configuration database addressable by 
> securityName/securityModel/securityLevel and 
> transportDomain/Address. Another RADIUS-specific MIB could 
> contain RADIUS information, and that MIB could AUGMENT the 
> transport&security MIB.

So, maybe that is one way to address the issue.  I'll need a bit to time to
absorb all this...




_______________________________________________
Isms mailing list
Isms@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms

v2.23.0 | Report a Bug | By Email