[Isms] WGLC: radius-usage-04
Hi,
A few comments.
1) in section 1.4, we probably should not be discussing the TSM
security model. The radius support is in the transport model, and a
radius-supported transport model should work with any security model.
How a security model is selected and how it sets the securityName is
specific to the security model, not to radius-usage.
2) In section 2, it states that service authorization [authorizes]
SNMP over a specific Transport Model. I believe that has been changed
in radius-mgmt-auth to be a specific transport protection.
3) In section 2.3, would it be simpler to introduce the attributes
first so we can eliminate all the redundant "refer to ... from the
perspective ..." notes?
Would it be simpler to eliminate the "from the perspective ... the user
is requesting ..." and simply start each example with "To request ...
set the attributes with the values ..."
s/to to/to/
4) do we really need section 2.4, that says "here is stuff we don't
discuss here"?
5) section 5
s/module/model/g
Paragraph 3 and 4 can be made more succinct:
"If the SNMPv1 or SNMPv2c Security Model is used, then securityName
comes from the community name, as per RFC3584. If the User-based
Security Model is selected, then securityName is determined using USM.
This may not be what is expected when using an SNMP secure Transport
Model with an external authentication service, such as RADIUS.
Combining a secure transport with RADIUS authentication/authorization,
and the SNMPv1 or SNMPv2c or USM security models is NOT RECOMMENDED.
See the coexistence section of [TMSM]."
s/in tandem with/to supplement/
s/for any reason//
s/as defined in [rfc3579]/as defined in "RADIUS (Remote Authentication
Dial In User Service) Support For Extensible Authentication Protocol
(EAP)" [RFC3579]/
Is this Informative or Normative? To follow the advice given here, one
would need to know rfc3579.
Hope this helps,
David Harrington
dbharrington at comcast.net
ietfdbh at comcast.net
dharrington at huawei.com