Re: [midcom] security recommendations in MIDCOM MIB draft
Wes Hardaker <wjhns1@hardakers.net> Fri, 06 July 2007 17:11 UTC
From: Wes Hardaker <wjhns1@hardakers.net>
To: Juergen Quittek <quittek@netlab.nec.de>
Subject: Re: [midcom] security recommendations in MIDCOM MIB draft
Organization: Sparta
References: <6AFFE92CEE03A3E6C2E61771@753F3B888A9969457862729D> <468CD3FB.4040203@ericsson.com> <DEBABF6939AEF2CFE63C3811@juergen-quitteks-computer.local>
Date: Fri, 06 Jul 2007 10:11:25 -0700
In-Reply-To: <DEBABF6939AEF2CFE63C3811@juergen-quitteks-computer.local> (Juergen Quittek's message of "Thu, 05 Jul 2007 20:24:29 +0200")
Cc: midcom@ietf.org, Tim Polk <tim.polk@nist.gov>
>>>>> "JQ" == Juergen Quittek <quittek@netlab.nec.de> writes:

JQ> I don't think it would be appropriate to mandate in the MIDCOM MIB
JQ> draft a specific way of achieving a sufficient level of security.

I believe the wording I've seen doesn't do this. It uses RECOMMENDED and SHOULD to specify which particular implementation and deployment details are the best at this time (and maybe adding "at the time of this writing" is a good way forward as well). But, the important REQUIRED that should stay a REQUIRED is this one:

  It is REQUIRED that the implementations support the security features as provided by the SNMPv3 framework.

Which merely says you must implement the security features in the framework. I believe the framework implies "a security model" and "an access control model", but not necessarily USM and VACM. The recommendations for USM and VACM come in the next sentence, which is relaxed to a RECOMMENDED to allow for other choices.

It does also say that:

  In the draft, we explicitly state that a MIDCOM MIB implementation MUST support SNMPv3.

That's the only protocol-secure alternative at this time at least, and requiring implementations to support it makes sense. At this time. In the future if netconf or some other new protocol has the ability to access the MIDCOM MIB through a secure means, then it seems reasonable to let them not implement SNMPv3. At this time, however, that's not possible and SNMPv3 should be a MUST. Again, wording that allows for future deviations is a way around this.

-- 
Wes Hardaker
Sparta, Inc.