Re: [Isms] Ismssnmp: URI scheme transport extensions

--On Monday, July 27, 2009 11:32:04 AM +0200 Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de> wrote:

On Mon, Jul 27, 2009 at 10:12:46AM +0200, Wes Hardaker wrote:
>>>>> On Mon, 27 Jul 2009 09:29:24 +0200, Juergen Schoenwaelder
>>>>> <j.schoenwaelder at jacobs-university.de> said:

JS> snmp://tester5@example.com:5161;transport=ssh
JS>                                ^^^^^^^^^^^^^^
JS>                                new

I think you're still missing an important element, namely the
securityModel.  Nowhere above does it specify TSM anywhere so I don't
think it's complete as is.

Yes, I agree. I was thinking about having a default for all this as we
do now - you get SNMPv3/USM/UDP. If you specify transport=ssh, you get
securitymodel=tsm as default - I did not spell this out.

I still don't think transport= is the right approach. In your URL example, is 'tester' intended to be a securityName or part of the SSH transport address? I suspect the answer is that for UDP/USM it is a securityName, but for TCP/SSM/TSM it is part of the SSH transport address, indicating the SSH username to use. That is, the syntax depends on the transport being used.

The right way to have differing syntax is to use different URI schemes. UDP, TCP, SSH, TLS, DTLS/UDP, and DTLS/SCTP should probably all have different URI schemes.

Once you've done that, different schemes can imply different defaults, so the default security model for SSH, TLS, DTLS/UDP, and DTLS/SCTP is TSM, while the default security model for UDP and TCP is USM.

-- Jeff
