Re: [Isms] open issues

To: "'Randy Presuhn'" <randy_presuhn at mindspring.com>, <isms at ietf.org>
Subject: Re: [Isms] open issues
From: "David Harrington" <ietfdbh at comcast.net>
Date: Wed, 30 Apr 2008 12:26:52 -0400
Delivered-to: ietfarch-isms-web-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
In-reply-to: <002d01c8aad5$a91c0180$6801a8c0@oemcomputer>
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <20080422210355.GA12678@elstar.local><002401c8a4dc$869f3400$6801a8c0@oemcomputer><20080423064530.GC13183@elstar.local><000d01c8a513$af1af400$6801a8c0@oemcomputer><20080423084701.GE13273@elstar.local><000601c8a56a$e95f1c20$6801a8c0@oemcomputer><000001c8a597$b0349560$011716ac@NEWTON603><000c01c8a59a$c04122e0$6801a8c0@oemcomputer><1696498986EFEC4D9153717DA325CB7271D491@vaebe104.NOE.Nokia.com><010301c8a634$464caf00$6801a8c0@oemcomputer><1696498986EFEC4D9153717DA325CB727BC9D4@vaebe104.NOE.Nokia.com> <002d01c8aad5$a91c0180$6801a8c0@oemcomputer>
Sender: isms-bounces at ietf.org
Thread-index: Aciq3gaV5RyWX8PDT4KOyrdMKTn7FQAALfVA

The securityName represents the principal on whose behalf the
notification was originated. So typically, this is not the host, but
the identity of the "user" on whose behalf the notification is sent.

**on whose behalf** was an important phrase during SNMNPv3
development.

dbh

> -----Original Message-----
> From: isms-bounces at ietf.org [mailto:isms-bounces at ietf.org] On 
> Behalf Of Randy Presuhn
> Sent: Wednesday, April 30, 2008 11:20 AM
> To: isms at ietf.org
> Subject: Re: [Isms] open issues
> 
> Hi -
> 
> > From: <Pasi.Eronen at nokia.com>
> > To: <randy_presuhn at mindspring.com>; <isms at ietf.org>
> > Sent: Wednesday, April 30, 2008 1:02 AM
> > Subject: RE: [Isms] open issues
> ...
> > Perhaps we're discovering a limitation that RFC 341x didn't really
> > consider: when you use pairwise secret keys, the key (and its
> > securityName) always identifies (at least implicitly) both 
> ends of the
> > relationship. In case of public key crypto, that's not the case.
> 
> My recollection was that we consciously used this property in 
> the design
> of USM.  I don't recall any discussions of whether the 
> property held true for
> public keys.
> 
> ...
> > > RFC 3413 section 3.4 specifies that securityName is provided
> > > to the notification receiver application.
> >
> > Yes.. but it's not clear whether this is always the same 
> securityName
> > that was provided by the notification originator application
> > (identifying the receiver, used for access control on the
originator
> > side), or a securityName identifying the originator.
> >
> > For pairwise secret keys, it doesn't matter. For public 
> keys, if it's
> > important to know the former on the notification receiver side, we
> > might need to pass it separately from the SSH user name.
> 
> The assumption when the architecture was designed was that the
> securityName delivered to the notification receiver application
would
> be whatever one was supplied by the notification generator, 
> which would
> be whatever was used by access control to determine whether 
> the information
> should be permitted to be delivered to that party.  It's 
> *not* a securityName
> identifying "the originator" - the only thing in the 
> architecture that comes close
> to that concept would be the snmpEngineID.
> 
> Randy
> 
> _______________________________________________
> Isms mailing list
> Isms at ietf.org
> https://www.ietf.org/mailman/listinfo/isms
> 

_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

Follow-Ups:
- Re: [Isms] open issues
  - From: Randy Presuhn

References:
- Re: [Isms] open issues
  - From: Juergen Schoenwaelder
- Re: [Isms] open issues
  - From: Randy Presuhn
- Re: [Isms] open issues
  - From: Juergen Schoenwaelder
- Re: [Isms] open issues
  - From: Randy Presuhn
- Re: [Isms] open issues
  - From: Juergen Schoenwaelder
- Re: [Isms] open issues
  - From: Randy Presuhn
- Re: [Isms] open issues
  - From: David B. Nelson
- Re: [Isms] open issues
  - From: Randy Presuhn
- Re: [Isms] open issues
  - From: Pasi.Eronen at nokia.com
- Re: [Isms] open issues
  - From: Randy Presuhn
- Re: [Isms] open issues
  - From: Pasi.Eronen
- Re: [Isms] open issues
  - From: Randy Presuhn

Prev by Date: Re: [Isms] open issues
Next by Date: Re: [Isms] open issues
Previous by thread: Re: [Isms] open issues
Next by thread: Re: [Isms] open issues
Index(es):
- Date
- Thread

Re: [Isms] open issues

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.