Re: [Isms] Comments on the BTSMS proposal
On Tue, Aug 02, 2005 at 11:48:19AM +0200, Tom Petch wrote:
> When security is outside SNMP, at the transport layer, then
> somewhere in the SNMP engine needs to tell TMSM or transport what is
> wanted, which then says yes or no; and the level on the wire may
> exceed what is requested (e.g. authPriv v authNoPriv) which, IMHO,
> needs recording in the packet (where?) and needs passing up the
> stack of the recipient (how?).
The TMSM document discusses this in some detail. I fail to see why you
think it is necessary to touch the flags in the SNMP packet. Can you
please elaborate?
> None of this is in the architecture or ASIs. And recall that the
> PDU is ASN.1 so the transport layer cannot readily set or reset
> flags in it, even in the space set aside for security parms, i.e. we
> are in a sense modifying the SNMPv3 PDU format by moving the
> securityParms outside the ASN.1 SEQUENCE.
The TMSM document currently proposes to pass this information between
the pieces of the split security model via a cache referred to by a
cache reference. Again, I would like to understand why you think it is
necessary to change the SNMPv3 PDU format.
/js
--
Juergen Schoenwaelder International University Bremen
<http://www.eecs.iu-bremen.de/> P.O. Box 750 561, 28725 Bremen, Germany