RE: [ipcdn] draft-ietf-ipcdn-device-mibv2-01.txt



Folks,

The current Security Guidelines uses the following text to warn against
using SNMPv1:

   SNMPv1 by itself is not a secure environment.  Even if the network
   itself is secure (for example by using IPSec), even then, there is no
   control as to who on the secure network is allowed to access and
   GET/SET (read/change/create/delete) the objects in this MIB.

Shouldn't this text also point out that SNMPv2c suffers from the same
security vulnerabilities? Note that SNMPv2c is explicitly mentioned in the
standard MIB boilerplate <http://www.ops.ietf.org/mib-boilerplate.html>.

Thanks to Ran Atkinson for pointing this out.

-- Rich

-----Original Message-----
From: RJ Atkinson [mailto:rja@extremenetworks.com]
Sent: Tuesday, March 19, 2002 3:23 PM
To: Richard Woundy
Cc: ipcdn@ietf.org
Subject: Re: [ipcdn] draft-ietf-ipcdn-device-mibv2-01.txt



On Tuesday, March 19, 2002, at 02:40 , Richard Woundy wrote:
> I want to put together an updated version of this internet-draft.

	Thanks very much.  My primary goal is to keep the I-Ds (and
RFCs) in sync with the current reality.

> The wording of the Security Considerations in the drafts in this
> working group is constrained by the following guidance for MIB
> documents from the IETF O&M folks: <http://www.ops.ietf.org/security.html>.

> If we want to use text that specifically calls out the dangers/folly
> of using SNMPv2c, we should get feedback from the folks on the
> <mibs@ops.ietf.org> mailing list.

	I believe, based on recent experience with the BGP MIB where
I had essentially the same inputs and my proposal was recently
implemented, that my suggestion regarding "Security Considerations"
for IPCDN MIBs is not conflicting with the URL/guidance from the
MIB wizards.  One could send a quick note to the O&M ADs to obtain
precise confirmation that I am not confused about this point.

	A glance at the very very latest BGP MIB's "Security
Considerations" gives a good example of the kind of things
that I think ought to be there.  I believe this latest I-D's
version is online already, but am not 100% certain this second
as I write this note.

Cheers,

Ran
rja@extremenetworks.com