Re: [midcom] security recommendations in MIDCOM MIB draft

Lars Eggert <lars.eggert@nokia.com> Wed, 04 July 2007 06:30 UTC

Return-path: <midcom-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5yNZ-00039n-Ve; Wed, 04 Jul 2007 02:30:21 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5yNZ-00039h-3K for midcom@ietf.org; Wed, 04 Jul 2007 02:30:21 -0400
Received: from smtp.nokia.com ([131.228.20.172] helo=mgw-ext13.nokia.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1I5yNY-00067O-Hd for midcom@ietf.org; Wed, 04 Jul 2007 02:30:21 -0400
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-ext13.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l646TfvP006630; Wed, 4 Jul 2007 09:30:02 +0300
Received: from esebh104.NOE.Nokia.com ([172.21.143.34]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 4 Jul 2007 09:29:59 +0300
Received: from mgw-int01.ntc.nokia.com ([172.21.143.96]) by esebh104.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Wed, 4 Jul 2007 09:29:59 +0300
Received: from [172.21.34.161] (esdhcp034161.research.nokia.com [172.21.34.161]) by mgw-int01.ntc.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l646Tv7t015474; Wed, 4 Jul 2007 09:29:57 +0300
In-Reply-To: <6AFFE92CEE03A3E6C2E61771@753F3B888A9969457862729D>
References: <6AFFE92CEE03A3E6C2E61771@753F3B888A9969457862729D>
Mime-Version: 1.0 (Apple Message framework v752.3)
Message-Id: <01D6CAF6-5E1F-413B-843C-20BFB3D38F79@nokia.com>
From: Lars Eggert <lars.eggert@nokia.com>
Subject: Re: [midcom] security recommendations in MIDCOM MIB draft
Date: Wed, 4 Jul 2007 09:29:51 +0300
To: ext Juergen Quittek <quittek@netlab.nec.de>
X-Mailer: Apple Mail (2.752.3)
X-OriginalArrivalTime: 04 Jul 2007 06:29:59.0429 (UTC) FILETIME=[BED78350:01C7BE04]
X-Nokia-AV: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024
Cc: midcom@ietf.org, Tim Polk <tim.polk@nist.gov>, ops-ads@tools.ietf.org
X-BeenThere: midcom@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: midcom.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/midcom>, <mailto:midcom-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:midcom@ietf.org>
List-Help: <mailto:midcom-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/midcom>, <mailto:midcom-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0968832431=="
Errors-To: midcom-bounces@ietf.org

On 2007-7-3, at 14:33, ext Juergen Quittek wrote:
> Now, Tim suggests to explicitly deprecate the use of (insecure)  
> previous
> versions of SNMP, for example with a phrase like
>
>  "Deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED.
>   Instead it is RECOMMENDED to deploy SNMPv3 and to enable
>   cryptographic security."
>
> Are there any opinions about adding such a phrase to the security
> considerations?

This is a general applicability statement on the use of various SNMP  
versions and extensions, which IMO isn't for MIDCOM to make, at least  
not without prior review by the OPS area. But given the well-known  
problems with older versions of SNMP, maybe there already is a  
statement by the OPS area to that effect that the MIDCOM draft can  
simply point to?

Lars
_______________________________________________
midcom mailing list
midcom@ietf.org
https://www1.ietf.org/mailman/listinfo/midcom