Re: [Isms] comments on draft-nelson-isms-extended-vacm-00

To: <isms at ietf.org>
Subject: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
From: "Dave Nelson" <d.b.nelson at comcast.net>
Date: Mon, 27 Jul 2009 08:54:27 -0400
Delivered-to: isms at core3.amsl.com
In-reply-to: <20090727123600.GA10809 at elstar.local>
List-archive: <http://www.ietf.org/mail-archive/web/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <20090727072452.GA10456 at elstar.local> <A1B512CB9018492C90EEDB94D8515C41 at NEWTON603> <20090727123600.GA10809 at elstar.local>
Thread-index: AcoOttCY3ngWLBe5QJSkSTbwrCqXRAAAas4w

Juergen Schoenwaelder writes ... [
 
> But isn't the RADIUS aware transport doing the manipulation of the
> VACM table?

Channeling Dave Harrington:  No, that would be a violation of RFC3411
modularity.  :-)

> Perhaps this is one thing to clarify further - which
> component is actually manipulating the VACM table.

The transport populates tmStateReference.  It's up to the extended VACM code
to do something with that information, i.e., populate MIB tables.

My concern is related to attempting to use extended VACM, and thus the
tmStateRefrence, in the absence of a RADIUS-aware secure transport.  The
only input to the VACM's ASI that would indicate whether there is or is not
a RADIUS-aware transport at work would be the Security Model selector.  Do
you see another way to accomplish this?

Follow-Ups:
- Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: Juergen Schoenwaelder

References:
- [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: Juergen Schoenwaelder
- Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: Dave Nelson
- Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: Juergen Schoenwaelder

Prev by Date: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
Next by Date: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
Previous by thread: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
Next by thread: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
Index(es):
- Date
- Thread

Re: [Isms] comments on draft-nelson-isms-extended-vacm-00

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.