RE: [Isms] #1: is it important to support anonymous user access toSNMP?

["David T. Perkins" <dperkins at dsperkins.com>]

HI,

Maybe you didn't see my previous post on this....

Everywhere today you see examples of "anonymous clients" retrieving
info via an authenticated server via a channel with integrity
and possibly encryption.

Let me provide you an example with SNMP....

Consider a public facility (maybe a library) that has free
network access. Consider management applications that could
be used to determine the availability of some resource
(such as a printer). In this situation, it would be
impractical to give each user a unique identity so
that they could use SNMP to determine the status
of the printers. If the identities of the printers
were not authenticated (or the communication not
integrity checked) then someone could fake that
a printer was unavailable so that they could
have exclusive access.

There are GAZILLION of similar examples! 

On Thu, 20 Oct 2005, Glen Zorn (gwz) wrote:

> Miao Fuyou <> supposedly scribbled:
> 
> > It may be a practical feature for some scenarios. In the same time I
> > believe supporting anonymity is heavily dependent to access control
> > policies, and it may not be orthogonal to access control model.  
> > 
> 
> ...
> 
> >> From draft-hardaker-snmp-session-sm-03.txt: "SNMP message exchange
> > that is authenticated and even private when the session initiator or
> > responder is anonymous." 
> > 
> > This is a new feature provided by SBSM. Can we establish consensus
> > that a) this is needed or b) this is not needed? 
> 
> Let me get something straight here: we are talking about _management_, right?  I find it really hard to imagine an instance in which we wouldn't care who was managing a device, or the manager wouldn't care what device is being managed...
> 
> > 
Regards,
/david t. perkins


_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms