Re: [OPS-AREA] Issue 2: replacement text for secure management protocol boilerplate



 

> -----Original Message-----
> From: ops-area-bounces at ietf.org 
> [mailto:ops-area-bounces at ietf.org] On Behalf Of Randy Presuhn
> Sent: Wednesday, February 04, 2009 8:28 PM
> To: 'ops-area (IETF)'
> Subject: Re: [OPS-AREA] Issue 2: replacement text for 
> securemanagementprotocolboilerplate
> 
> Hi -
> 
> > From: "David Harrington" <ietfdbh at comcast.net>
> > To: "'Randy Presuhn'" <randy_presuhn at mindspring.com>; "'ops-area 
> > (IETF)'" <ops-area at ietf.org>
> > Sent: Wednesday, February 04, 2009 10:24 AM
> > Subject: RE: [OPS-AREA] Issue 2: replacement text for secure 
> > managementprotocolboilerplate
> ...
> > Would the following be better?
> >  
> > "Operators SHOULD enable cryptographic security and ensure that the 
> > protocol giving access to management information is properly 
> > configured to give access only to those principals
> > (users/applications) that have legitimate rights to 
> > read/create/change/delete the information."
> > 
> > i.e.,
> > s:server/agent:protocol:
> > s:(users):(users/applications)/
> > 
> > or does that get so diluted as to be meaningless?
> 
> I think it's better.  To more explicitly address the 
> syslog/notification cases, perhaps one could add "/receive" 
> after "delete"?
> 
> Randy
> 

+1 

Dan

(speaking as contributor)