Re: [Isms] open issues

To: <isms at ietf.org>
Subject: Re: [Isms] open issues
From: "Randy Presuhn" <randy_presuhn at mindspring.com>
Date: Tue, 22 Apr 2008 20:02:22 -0600
Delivered-to: ietfarch-isms-web-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=mindspring.com; b=IRoI65bhIo4X4de7b6nzNWKgIaN1ng5avSqiLtdIpuhYsWcWAawAPhbVP4w6DvSA; h=Received:Message-ID:From:To:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP;
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
Sender: isms-bounces at ietf.org

Hi -

> From: "Randy Presuhn" <randy_presuhn at mindspring.com>
> To: <isms at ietf.org>
> Sent: Tuesday, April 22, 2008 6:54 PM
> Subject: Re: [Isms] open issues
...
> Think of a notification subscription as an information retrieval request,
> and the notification as the (potentially much-delayed) response.  How
> do we know the "response" (the notification) is going to the party that
> requested it and not someone else?  After all, *anything* could have
> been configured as the notification destination.  In the case of USM,
> it's the symmetric key used by the notification subscriber that implicitly
> makes this binding, and prevents anyone else from getting at the data first.
> (If the data isn't encrypted, the whole question is really moot.)
...

To be absolutely clear, this is *not* to say that the key used to configure
the destination is remembered.   The association happens through
snmpTargetParamsSecurityName in the snmpTargetParamsTable.
The value of snmpTargetParamsSecurityName isn't necessarily the
same as the securityName in use by the entity configuring the subscription.
(See section 5 of RFC 3413 for details.)

Randy

_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

Prev by Date: Re: [Isms] open issues
Next by Date: Re: [Isms] open issues
Previous by thread: Re: [Isms] open issues
Next by thread: Re: [Isms] RADEXT WG Last Call on NAS Management Authorization Specification
Index(es):
- Date
- Thread

Re: [Isms] open issues

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.