Re: [midcom] security recommendations in MIDCOM MIB draft

[Wes Hardaker <wjhns1 at hardakers.net>]

>>>>> "MS" == Melinda Shore <mshore at cisco.com> writes:

MS> On 7/12/07 7:51 AM, "Magnus Westerlund" <magnus.westerlund at ericsson.com>
MS> wrote:
>> Can we please come to consensus on this topic. And if there are text
>> changes to implement the consensus, please provide them as RFC-editor
>> notes to me.

MS> The starting point is: requesting services from a middlebox must
MS> be secure.  If that's to be done cryptographically, it requires
MS> SNMPv3.

I think the text needs to require one method be available to operators
consistently across all the devices they purchase.  If they choose not
to use it because they have other methods of securing their traffic
they're comfortable with, then so be it.  But at least they should be
sure they can use one method.

Something like:

MIBCOM devices MUST implement SNMPv3 to allow for operators to rely on
it's features in order to protect their traffic.  Operators should use
make use of SNMPv3, other protocols providing cryptographic protection
or physical separation to to ensure MIBCOM traffic is secured.

-- 
Wes Hardaker
Sparta, Inc.

_______________________________________________
midcom mailing list
midcom at ietf.org
https://www1.ietf.org/mailman/listinfo/midcom