[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ipcdn] draft-ietf-ipcdn-device-mibv2-01.txt
On Friday, April 19, 2002, at 04:15 , C. M. Heard wrote:
> This may have been an oversight, but there was a good reason to
> SNMPv1 here -- it was (and still is) an Internet Standard and a
> recommended protocol, although this will soon change
I (erroneously ?) thought SNMPv1 was already moved to HISTORIC
and SNMPv3 to full STANDARD by the IESG. If IESG has approved,
then the state has already changed even if the new RFCs haven't
made it out of the RFC Editor queue.
> -- while SNMPv2c
> was never on the standards track (it was experimental) and was never
> a recommended protocol.
In practice, many many folks erroneously thought that SNMPv2c
included cryptographic authentication -- and SNMPv2c is quite widely
deployed (mainly in order to use SMIv2), so it is a large part of the
deployed Internet. On that basis (being a large part of the
deployed Internet), it needs to be discussed in any Security
Considerations section regardless of its theoretical IETF state.
> The new SNMPv3 documents will be published soon, and the boilerplate
> all have to be updated then. The admonition against the insecure
> protocols might as well be updated to say just don't use them.
Agree with all of that.