RE: [Isms] securityName

["Fleischman, Eric" <eric.fleischman at boeing.com>]

From: David B Harrington [mailto:ietfdbh at comcast.net] 
>Why are you waiting for a standards body to develop 
>something custom-fitted to your environment?

David,

Our environment, other than its vast size, isn't very different than a
great many other end users. Ever since the 1980s my employer has been
actively encouraging standards-based approaches because those approaches
have the best business cases by far (i.e., custom-fit just doesn't scale
over time).

This is why all of my postings have been arguing for ISMS to make SNMPv3
directly be able to use standard authentication infrastructures such as
Kerberos, PKI, and Radius. These infrastructures are widely deployed and
are universally deployed by all large end users that I know about. I
discourage this WG leveraging Wes' authentication list because that was
taken from ISPs, and ISPs are very different than us end users, who
perhaps have orders of magnitude more SNMP products deployed than ISPs.

The view from my knot-hole is that SNMPv3 currently has a unique
security system that not only is needlessly expensive to deploy, but it
is also extremely difficult to implement securely in vast deployments of
multi-vendor equipment due to vendor product differences. I believe that
this would be remedied by having SNMP conform to using one or more
standard authentication technologies.

--Eric



_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms