RE: [Isms] securityName

Hi Eric,

Have you tried writing a proposal for a security model that utilizes
Kerberos or PKI? 

The ISMS WG might be willing to accept it even if it is not from Wes's
list. 

Otherwise, if it fits with the SNMPv3 architecture, even if it is not
"the" ISMS protocol, you might get it published as experimental or
informational, and once ISMS finishes, you can probably submit it to
be considered for standards-track. The SNMPv3 architecture was
designed to allow multiple security models, so it wouldn't be in
conflict with the SNMPv3 strategy.

Step up and write down your detailed proposal.

David Harrington
dbharrington at comcast.net

> -----Original Message-----
> From: Fleischman, Eric [mailto:eric.fleischman at boeing.com] 
> Sent: Monday, August 01, 2005 6:31 PM
> To: ietfdbh at comcast.net; Tom Petch; Kaushik Narayan
> Cc: isms at ietf.org
> Subject: RE: [Isms] securityName
> 
> From: David B Harrington [mailto:ietfdbh at comcast.net] 
> >Why are you waiting for a standards body to develop 
> >something custom-fitted to your environment?
> 
> David,
> 
> Our environment, other than its vast size, isn't very different than a
> great many other end users. Ever since the 1980s my employer has been
> actively encouraging standards-based approaches because those approaches
> have the best business cases by far (i.e., custom-fit just doesn't scale
> over time).
> 
> This is why all of my postings have been arguing for ISMS to make SNMPv3
> directly be able to use standard authentication infrastructures such as
> Kerberos, PKI, and Radius. These infrastructures are widely deployed and
> are universally deployed by all large end users that I know about. I
> discourage this WG leveraging Wes' authentication list because that was
> taken from ISPs, and ISPs are very different than us end users, who
> perhaps have orders of magnitude more SNMP products deployed than ISPs.
> 
> The view from my knot-hole is that SNMPv3 currently has a unique
> security system that not only is needlessly expensive to deploy, but it
> is also extremely difficult to implement securely in vast deployments of
> multi-vendor equipment due to vendor product differences. I believe that
> this would be remedied by having SNMP conform to using one or more
> standard authentication technologies.
> 
> --Eric
> 
> 
> 


