
Re: [midcom] security recommendations in MIDCOM MIB draft



On 7/12/07 7:51 AM, "Magnus Westerlund" <magnus.westerlund at ericsson.com>
wrote:
> Can we please come to consensus on this topic. And if there are text
> changes to implement the consensus, please provide them as RFC-editor
> notes to me.

The starting point is: requesting services from a middlebox must
be secure.  If that's to be done cryptographically, it requires
SNMPv3.  If it's not to be done cryptographically it suggests that
the protocol is being run over a "secure" network.  The latter was
not considered acceptable by the responsible area director at the
time that the work was ramping up, and it seems to me the question
of whether or not SNMPv3 is to be required hinges on whether or
not we can now permit an assumption of a "secure" network (for example,
running it over an IPsec tunnel).  It seems to me that if we
can't assume the use of a secure network in some deployments then
SNMPv3 has to be required, since sending firewall requests and
NAT answers insecurely is obviously unacceptable.  Do you think
the assumption of a secure network would pass review?

Melinda