[Isms] pre11 comments

Hi,

I think the TSM should do a 1:1 translation from tmSecurityName to
securityName, and vice-versa.
I am not sure we need a securityName mapping table for TSM. 

The mapping happens at the transport model from the transport-specific
principal to the tmSecurityName. That mapping is obviously necessary.

I see us adding options and complexity that I don't see operators
asking for, such as administratively definable transform selection. I
hope these really are needed.

I agree that operators might want to disable SNMP use of a transport
that is allowed on the device for other purposes. For that, a TSM
domain table with an enable/disable object might be appropriate.
However, since we specifically use an "snmp" subsystem, isn't it
likely that an SSH config can control whether the user can use the
snmp subsystem, much like they can decide to disable X11 forwarding?
And even if they do get in, then VACM can prevent them from being able
to do anything snmp-related. So do we actually need to provide this
control?

David Harrington
dbharrington at comcast.net
ietfdbh at comcast.net
dharrington at huawei.com
