Re: ftp://ftp.cisco.com/fred/rreq-03.txt

"Louis A. Mamakos" <louie@alter.net> Wed, 04 January 1995 17:06 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa04789; 4 Jan 95 12:06 EST
Received: from [132.151.1.1] by IETF.CNRI.Reston.VA.US id aa04784; 4 Jan 95 12:06 EST
Received: from [128.9.0.32] by CNRI.Reston.VA.US id aa02624; 4 Jan 95 12:06 EST
Received: from rodan.UU.NET by venera.isi.edu (5.65c/5.61+local-20) id <AA03248>; Wed, 4 Jan 1995 08:41:24 -0800
Received: by rodan.UU.NET id QQxxgc06594; Wed, 4 Jan 1995 11:41:14 -0500
Message-Id: <QQxxgc06594.199501041641@rodan.UU.NET>
To: barns@cove.mitre.org
Cc: "Craig A. Finseth" <fin@unet.umn.edu>, rreq@isi.edu
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: "Louis A. Mamakos" <louie@alter.net>
Subject: Re: ftp://ftp.cisco.com/fred/rreq-03.txt
In-Reply-To: Your message of "Wed, 04 Jan 1995 10:43:09 EST." <9501041543.AA02143@cove.mitre.org.mitre.org>
Date: Wed, 04 Jan 1995 11:41:13 -0500
X-Orig-Sender: louie@uunet.uu.net

> I agree with the "it's too soon" contingent.  Reworking your thoughts
> into that straitjacket I come up with this proposal:  MUST SNMPv1.
> MAY (or SHOULD?) SNMPv2.  DISCUSSION: Transition from SNMPv1 to SNMPv2
> is a goal for a future Internet standard.  However, this is unlikely to
> occur until SNMPv2 is a full standard and more operational experience
> has been gained.  Also, such a transition cannot be carried out
> simultaneously throughout the operational Internet, so coexistence
> of both versions for some period of time is a practical necessity.

My really big problem with "MAY SNMPv2" is that some vendors build
products which are configured and managed almost exclusively with
SNMP.  In a real production network, this is really scary, having to
do SNMP SET operations with SNMPv1 and clear text community strings.

It's almost as bad as typing passwords in clear text over TELNET
connections.

The language and intent should make it painfully clear that there
should be some reasonably strong mechanisms to protect management
operations which affect the state of the router.  Protect against
eavesdropping, replay, etc.

I think that the transition issue is just so much smoke and mirrors.
There is no reason that an old, non-conformant device can't continue
to be managed with SNMPv1 or clear text TELNET sessions with reusable
passwords.  There is no "simultaneous" conversion that has to occur.

I suspect that the new RREQ RFC will achieve "standard" status after
the SNMPv2 RFC does, right?  This would be interesting information to
get from the SNMP folks.  I think that not mandating some sort of
secure management mechanism is doing a big disservice to folks that
build networks.  Real, operational experience on the internet supports
this requirement.

Louis A. Mamakos                              louie@alter.net
Backbone Architecture & Engineering Guy       uunet!louie
AlterNet / UUNET Technologies, Inc.
3110 Fairview Park Drive., Suite 570          Voice: +1 703 204 8023
Falls Church, Va 22042                        Fax:   +1 703 204 8001
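The message above argues that SNMPv1 SET operations carry their community string in clear text and that management traffic affecting router state needs real protection. The following is an added example, not part of the mailing-list thread, that makes the point concrete from a monitoring standpoint: a minimal BER decoder for the SNMPv1 message layout defined in RFC 1157 (version, community, PDU) run over two constructed packets, with a check that flags version-1 SetRequest PDUs seen on a monitored segment. The packet bytes, the community values "public" and "private", and the function names are all constructed for this example; trap PDUs have a different body and are only identified by type here.

```python
"""Decode SNMPv1 messages from raw UDP payloads and flag clear-text SET requests.

Added example (not from the thread). Wire format per RFC 1157:
  SEQUENCE { INTEGER version(0), OCTET STRING community, PDU }
  PDU (context tag A0..A4) { INTEGER request-id, INTEGER error-status,
                            INTEGER error-index, SEQUENCE OF varbind }
"""

# Context-specific PDU tags from RFC 1157.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

# Constructed sample packets (hex, whitespace ignored by bytes.fromhex).
# SetRequest, community "private", sets sysContact.0 (1.3.6.1.2.1.1.4.0) to "x".
SET_REQUEST = bytes.fromhex(
    "30 28 02 01 00 04 07 70 72 69 76 61 74 65"
    "A3 1A 02 01 01 02 01 00 02 01 00"
    "30 0F 30 0D 06 08 2B 06 01 02 01 01 04 00 04 01 78")
# GetRequest, community "public", reads sysDescr.0 (1.3.6.1.2.1.1.1.0).
GET_REQUEST = bytes.fromhex(
    "30 26 02 01 00 04 06 70 75 62 6C 69 63"
    "A0 19 02 01 02 02 01 00 02 01 00"
    "30 0E 30 0C 06 08 2B 06 01 02 01 01 01 00 05 00")


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER TLV at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Decode BER OID contents (first byte packs the first two arcs)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    val = 0
    for byte in raw[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def decode_value(tag, raw):
    if tag == 0x02:  # INTEGER
        return int.from_bytes(raw, "big", signed=True)
    if tag == 0x04:  # OCTET STRING
        return raw.decode("ascii", "replace")
    if tag == 0x05:  # NULL (used as placeholder in Get requests)
        return None
    return raw.hex()  # anything else: leave as hex


def parse_snmpv1(packet):
    """Return a dict with version, community, pdu_type, request_id, varbinds."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(msg, 0)
    _, comm, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    result = {"version": decode_value(0x02, ver),
              "community": comm.decode("ascii", "replace"),
              "pdu_type": PDU_TYPES.get(pdu_tag, "unknown"),
              "request_id": None, "varbinds": []}
    if pdu_tag == 0xA4:  # Trap PDU has a different body; type is enough here
        return result
    _, rid, p = read_tlv(pdu, 0)
    _, _, p = read_tlv(pdu, p)   # error-status
    _, _, p = read_tlv(pdu, p)   # error-index
    _, vbl, _ = read_tlv(pdu, p)
    result["request_id"] = decode_value(0x02, rid)
    q = 0
    while q < len(vbl):
        _, vb, q = read_tlv(vbl, q)
        _, oid, r = read_tlv(vb, 0)
        vtag, val, _ = read_tlv(vb, r)
        result["varbinds"].append((decode_oid(oid), decode_value(vtag, val)))
    return result


def flag_cleartext_sets(packets):
    """Monitoring check: report version-1 SetRequests, whose community string
    (the only authenticator) is readable by anyone on the path."""
    findings = []
    for pkt in packets:
        m = parse_snmpv1(pkt)
        if m["version"] == 0 and m["pdu_type"] == "SetRequest":
            findings.append({"community": m["community"],
                             "oids": [oid for oid, _ in m["varbinds"]]})
    return findings


if __name__ == "__main__":
    for pkt in (GET_REQUEST, SET_REQUEST):
        print(parse_snmpv1(pkt))
    print("findings:", flag_cleartext_sets([GET_REQUEST, SET_REQUEST]))
```

Run over the two constructed packets, only the SetRequest is reported; the check is the kind of rule a network monitor can apply to find state-changing management traffic that still relies on a reusable clear-text secret.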