Re: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?

To: "Blumenthal, Uri" <uri.blumenthal at intel.com>
Subject: Re: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?
From: Sam Hartman <hartmans-ietf at mit.edu>
Date: Mon, 17 Oct 2005 18:18:09 -0400
Cc: isms at ietf.org
In-reply-to: <3DEC199BD7489643817ECA151F7C592902015490@pysmsx401.amr.corp.intel.com> (Uri Blumenthal's message of "Mon, 17 Oct 2005 11:22:00 -0400")
List-archive: <http://www1.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@lists.ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.lists.ietf.org>
List-post: <mailto:isms@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=unsubscribe>
References: <3DEC199BD7489643817ECA151F7C592902015490@pysmsx401.amr.corp.intel.com>
Sender: isms-bounces at lists.ietf.org
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

>>>>> "Blumenthal," == Blumenthal, Uri <uri.blumenthal at intel.com> writes:

    Blumenthal,> This implies that different engines should have
    Blumenthal,> different public keys.  Otherwise from security point
    Blumenthal,> of view only one SNMP engine will be allowed on one
    Blumenthal,> SSH host.

I don't follow because as you point out:

    Blumenthal,> An alternative: all the security will depend on "SSH
    Blumenthal,> layer" - something responsible for all the SSH
    Blumenthal,> communications of this host, and multiplexing traffic
    Blumenthal,> between various services that use SSH for protection.

right.  In this model, you need a name to address PDUs to the snmp
engines, but the security binding is handled at the ssh layer.


_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms

References:
- RE: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?
  - From: Blumenthal, Uri

Prev by Date: [Isms] ssh session restart
Next by Date: Re: [Isms] #2: is server authentication a requirement that SNMP willrequire
Previous by thread: Re: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?
Next by thread: RE: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?
Index(es):
- Date
- Thread

Re: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.