RE: [Isms] #1: is it important to support anonymous user accesstoSNMP?

["Nelson, David" <dnelson at enterasys.com>]

Whether or not "it" is a useful feature in ISMS, I pedantically oppose
use of the term "authenticated anonymous access" to describe "it".  As
explained in this thread, "it" is access by means of a security
association in which one party is authenticated and the other party is
anonymous.  I still claim that it is meaningless to say that an
anonymous entity has been authenticated, and that's what "authenticated
anonymous access" says if you parse it using standard syntax rules for
the English language.

In the "one party authenticated, one party anonymous" scenario, the two
parties still need to have some form of shared credential for any
authentication to occur.  One example of this is when the anonymous
party has a local trust anchor (e.g. an X.509 certificate chain) that
allows it to authenticate the non-anonymous party.  This certainly works
with modern web browsers.

The need for non-enrolled, non-authenticated entities to obtain access,
for monitoring purposes, may make sense in some scenarios.  But do the
non-authenticated entities need to be anonymous?  I use the word
anonymous in its traditional security protocol meaning, i.e. the
identity of the entity is not disclosed and cannot be determined.


_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms