Re: [Isms] open issues
Randy Presuhn writes...
> Our architecture, both on the manager and on the agent ends,
> strongly assumes that security mechanisms are able to authenticate
> to the granularity of a principal. RFC 3411 sections 3.2.1 and 3.2.2
> should make that clear. If SSH doesn't provide (or can't be made to
> provide) that service, then it's not suitable.
The authentication inherent to SSH is asymmetric. It was originally
designed to facilitate users logging into remote hosts. An SSH client is
able (by various SSH Authentication Methods) to authenticate to an SSH
server at the granularity of a principal. An SSH server authenticates to
the SSH client at the granularity of a host (i.e. the host identity of the
SSH server).
If you assume that the shared keys of USM are shared at the granularity of a
principal at both the agent and management station ends on an SNMP
connection, then USM provides symmetric authentication at the granularity of
a principal.
In order to provide authentication at the granularity of a principal in the
notification case for SSHTM, one would presumably require that the agent act
as an SSH client and present principal granularity credentials for
authentication by the SSH server, i.e. the management station.
The fly in the ointment here is that one of the primary reasons for having
SSHTM is to avoid the need to provision credentials (at principal
granularity) on all the managed entities in an organization. In the case of
a management station sending SNMP commands to an agent, we assume that the
management station application, or the user invoking that application, has
an identity that can be validated via some method such as AAA, at the agent.
That identity may come from some non-volatile configuration store, or it
may come from the user's login credentials. I think that the latter case is
more common.
It is perfectly possible to provision device credentials in the non-volatile
configuration store of the managed entities (notification generators) if you
are willing to experience USM-like scaling properties.
_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.