Re: [Isms] #8: Do we need a mapping between the SSH key and SNMP engineID?

To: dbharrington at comcast.net
Subject: Re: [Isms] #8: Do we need a mapping between the SSH key and SNMP engineID?
From: Sam Hartman <hartmans-ietf at mit.edu>
Date: Sun, 16 Oct 2005 20:59:10 -0400
Cc: isms at ietf.org
In-reply-to: <200510132150.RAA19867@ietf.org> (David B. Harrington's message of "Thu, 13 Oct 2005 17:50:40 -0400")
List-archive: <http://www1.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@lists.ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.lists.ietf.org>
List-post: <mailto:isms@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=unsubscribe>
References: <200510132150.RAA19867@ietf.org>
Sender: isms-bounces at lists.ietf.org
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

>>>>> "David" == David B Harrington <dbharrington at comcast.net> writes:

    David> #8: Do we need a mapping between the SSH key (or other SSH
    David> engine identifier) and SNMP engineID? What happens if an
    David> agent "spoofs" another engineID, and an NMS perfoms a SET
    David> of sensitive parameters to the agent?

I cannot answer this question because I don't have enough
understanding of SNMP.  I can answer a related question.

You must authenticate each party  back to some name the user provided.

On the server: you will get a username out of ssh's user
authentication step.  You need to make an access control decision and
assign access rights based on that username.  (I'd argue that as a
general rule, that username is the only thing that in practice should
matter in terms of assigning those access rights.  The particular
credentials presented and the particular authentication type used
should not in general matter.  )

On the client, it is more tricky.  You need to securely map
information provided by the user into an ssh service to contact and a
username to present to that service.  Then, you need to make an access
control decision and determine if the credentials presented by that
service are acceptable.  If so, you need to decide as an access
control matter what PDUs are acceptable to send to the server.

The above is not SNMP specific.  The above is true of any ssh
application.  One of the primary challenges of this working group is
transalting that requirement into SNMP, possibly changing the
architecture in the process.

This will become more complicated because of notifications.


_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms

References:
- [Isms] #8: Do we need a mapping between the SSH key and SNMP engineID?
  - From: David B Harrington

Prev by Date: Re: [Isms] #2: is server authentication a requirement that SNMP will require
Next by Date: Re: [Isms] #14: MUST the SSHSM model provide mutual authentication, etc.?
Previous by thread: [Isms] #8: Do we need a mapping between the SSH key and SNMP engineID?
Next by thread: [Isms] #9: Can an existing R/R session be reused for notifications?
Index(es):
- Date
- Thread

Re: [Isms] #8: Do we need a mapping between the SSH key and SNMP engineID?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.