RE: Genart review of draft-ietf-radext-dynauth-server-mib-05 / draft-ietf-radext-dynauth-client-mib-05

"Nelson, David" <dnelson@enterasys.com> Fri, 09 June 2006 15:49 UTC

Envelope-to: radiusext-data@psg.com
Delivery-date: Fri, 09 Jun 2006 15:50:16 +0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Genart review of draft-ietf-radext-dynauth-server-mib-05 / draft-ietf-radext-dynauth-client-mib-05
Date: Fri, 09 Jun 2006 11:49:56 -0400
Message-ID: <3CFB564E055A594B82C4FE89D215656021927A@MABOSEVS2.ets.enterasys.com>
Thread-Topic: Genart review of draft-ietf-radext-dynauth-server-mib-05 / draft-ietf-radext-dynauth-client-mib-05
Thread-Index: AcaK5OJHpf/LZqOqRs2mrIzBcVuXugA9rlzw
From: "Nelson, David" <dnelson@enterasys.com>
To: stefaan.de_cnodder@alcatel.be, Ron Bonica <rbonica@juniper.net>
Cc: gen-art@ietf.org, radiusext@ops.ietf.org

> > - Can I assume that it has passed MIB Rx Review? (It compiles
clean).

It has.

> > - Should this MIB *ever* be used in conjuntion with SNMPv1? I know
that
> > you *recommend* against it. But it seems that divulging the
information
> > in this mib to a hostile party might be pretty bad.

I think the standard warning is appropriate.  It SHOULD NOT be used in
conjunction with SNMPv1 in the general case.  There might be some
particular environments, e.g. enterprise LANs with protected management
VLANs, in which the operator is convinced that the use of SNMPv1 does
not give rise to any meaningful security risks.  I think that the
recommendation is appropriate, and one couldn't really mandate what
operators will do, in any event.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

RE: Genart review of draft-ietf-radext-dynauth-se… Nelson, David
Re: Genart review of draft-ietf-radext-dynauth-se… stefaan.de_cnodder