Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
David Harrington writes...
> There would be no RADIUS attributes available if the transport
> model doesn't support RADIUS.
Right. It's an open question whether that always works as expected, but if the table entries make intelligent use of the securityModel field, this should be doable.
> Of course, that works on incoming traffic.
Right.
> For notifications access control is done before
> authentication in SNMP...
Indulging in a "rat hole" side-discussion -- applying authorization before performing authentication seems fundamentally broken to me. I know that we're not chartered to go down that "rat-hole", but I can't resist the observation in passing.
> ...so there would be no RADIUS attributes available
> (at least for the first time).
Right.
> I assume notifications might use pre-configured
> access controls.
Yeah, I guess so. Probably merits further thought.
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
