Let's not prune back to V1 security. Was: Re: Configuring...

"Karl Auerbach, Empirical Tools and Technologies, 408/427-5280" <karl@empirical.com> Wed, 19 May 1993 20:09 UTC

Date: Wed, 19 May 93 13:10:10 PDT
Message-Id: <9305192010.AA06360@mel-brooks.empirical.com>
To: ayr@gtech.com
Subject: Let's not prune back to V1 security. Was: Re: Configuring...
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: "Karl Auerbach, Empirical Tools and Technologies, 408/427-5280" <karl@empirical.com>
Reply-To: karl@empirical.com
Cc: snmp@psi.com, snmp2@thumper.bellcore.com
X-Orig-Sender: karl@mel-brooks.empirical.com
Repository: empirical.com
Originating-Client: sheriff-bart.empirical.com

 > > The original message on this thread was about configuring community
 > > strings, a V1 concept.  Hence my principal text was how one might do
 > > some V2 things in V1.

 > I would like to explore the inverse of this idea; that is, how to make
 > V1-like things under V2. The general idea is to define a subset of 
 > the V2 security/authentication mechanism which is the functional 
 > equivalent of V1 as to both (1) requirements on the underlying 
 > agent and (2) community-based security.

I suspect that there are others out there who have the same goal.

But I would not want to support an effort to create a subset that had
as little security as V1.  We *really* need that improved security to
get people to really use set-request (at which point I expect we'll
see a whole new set of snmp "interesting situations" arise.)

The benefits gained by the V2 authentication functions are worth the
cost, in my opinion.

(I don't want to express an opinion on the privacy parts of V2 other
than what I have said in prior notes.)

 > IMHO, it seems to me that it is worth while at least to check how 
 > feasible it is. So, do not beat up on me too much if it is wrongheaded.

I'd better not comment much on that.  Please recognize that nobody out
there is a horrible, malignant presence.  Rather, everybody on these
lists is really working towards network management nirvana, but some
of us have less graceful ways of writing than others, with myself
being one of the extreme examples of being able to use exactly the
wrong words at the wrong time.

BTW -- I haven't had time to read the technical content of your note
yet.

		--karl--