RE: Updating the MIB security guidelines



Hi,

I have often heard the comment from the SNMPv3 designers that VACM goes overboard having instance-level access control. I disagree.

I have had many occasions where I needed to look at a real-world problem, and have had to determine if SNMPv3 could be applied to solve the problem. One of the common requirements is to have agent-enforced access control to specific rows in a table, based on the value of some field. I think that where we as a community went wrong was to make row-access controls dependent on the index, rather than defining some type of value-match functionality, for any column, that could easily be specified for access control and data retrieval reasons. 

Some examples of situations where row access control is desirable:
RFC 2925 Internet Accounting
RFC 3304 MIDCOM requirements

I think the real problem has to do with how we traditionally design mibs, with rows from multiple managers interlaced. Access control considerations show the need to often keep the data separated by manager, enforced by the agent. There are different ways to achieve this, such as by using (possibly dynamically-created) contexts to hold different instances of tables, using RMON-style OwnerStrings, or using VACM instance-level granularity, but none of them are easy to apply to most existing standard mibs for meeting this frequent requirement.

dbh

> -----Original Message-----
> From: Wijnen, Bert (Bert) [mailto:bwijnen@lucent.com]
> Sent: Tuesday, December 31, 2002 6:28 AM
> To: Juergen Schoenwaelder
> Cc: mibs@ops.ietf.org
> Subject: RE: Updating the MIB security guidelines
> 
> 
> Juergen comments:
> 
> >>>>> Wijnen, Bert (Bert) writes:
> > 
> > Bert> or maybe even better:
> > 
> > Bert> Some of the readable objects in this MIB module (that is all
> > Bert> objects with a MAX-ACCESS other than not-accessible) may be
> > Bert> considered
> > 
> > And even values of not-accessible index objects can be retrieved by
> > reading some column and unpacking the index...
> > 
> I understand that, but that is implicit if you get access to 
> an accessible column.
> 
> Are you saying that we should add something about this?
> I guess one could limit access to a specific column to exclude
> some indices and not others.... 
> Oh well... that is where I find VACM went overboard (mea culpa,
> I am co-author/editor).
> 
> Bert
> > /js
> > 
> > -- 
> > Juergen Schoenwaelder    
> > <http://www.informatik.uni-osnabrueck.de/schoenw/>
> > 
> > 
> 
>
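The thread discusses VACM's instance-level granularity (vacmViewTreeFamilyTable subtree plus mask, RFC 3415) as one way to keep one manager's rows separate from another's, and the quoted reply notes that a not-accessible index is exposed by any accessible column instance. The following Python is an added example, not code from the thread or from any SNMP implementation: it implements the RFC 3415 view-family matching rule and applies it to IF-MIB's ifTable to show how a mask that wildcards the column sub-identifier yields per-row access control. The two views (`ROW2_ONLY`, `TABLE_MINUS_ROW1`) and the mask value `ff a0` are constructed for the example; the ifEntry OID is the standard one.

```python
"""Added example (not from the thread): RFC 3415 VACM view-family matching,
showing how vacmViewTreeFamilyMask gives row (instance) level access control
on a conceptual table such as IF-MIB's ifTable."""
from dataclasses import dataclass

# ifEntry OID from IF-MIB (standard); column instances hang off it as
# ifEntry.<column>.<ifIndex>
IF_ENTRY = (1, 3, 6, 1, 2, 1, 2, 2, 1)


@dataclass(frozen=True)
class ViewFamily:
    """One vacmViewTreeFamilyTable row: subtree, mask, included/excluded."""
    subtree: tuple
    mask: bytes          # bits beyond the mask length are treated as 1
    included: bool       # vacmViewTreeFamilyType included(1) vs excluded(2)


def mask_bit(mask: bytes, i: int) -> int:
    """Return mask bit i (1-based, most significant bit of byte 0 first).
    RFC 3415: a bit past the end of the mask is treated as 1 (exact match)."""
    byte_index = (i - 1) // 8
    if byte_index >= len(mask):
        return 1
    return (mask[byte_index] >> (7 - (i - 1) % 8)) & 1


def family_matches(fam: ViewFamily, oid: tuple) -> bool:
    """An OID belongs to the family if it is at least as long as the subtree
    and every sub-identifier whose mask bit is 1 equals the subtree's."""
    if len(oid) < len(fam.subtree):
        return False
    return all(mask_bit(fam.mask, i + 1) == 0 or oid[i] == fam.subtree[i]
               for i in range(len(fam.subtree)))


def oid_in_view(view: list, oid: tuple) -> bool:
    """RFC 3415 rule: among the matching families, the one with the longest
    subtree (ties broken by lexicographically greatest subtree) decides."""
    matches = [f for f in view if family_matches(f, oid)]
    if not matches:
        return False
    best = max(matches, key=lambda f: (len(f.subtree), f.subtree))
    return best.included


def row_index(oid: tuple) -> tuple:
    """Index sub-identifiers recovered from any ifEntry column instance:
    the point made in the quoted reply, reading an accessible column
    reveals the not-accessible index object."""
    return oid[len(IF_ENTRY) + 1:]


# Constructed mask ff a0 = 1111 1111 1010 0000: sub-ids 1..9 (ifEntry) exact,
# 10 (column) wildcard, 11 (ifIndex) exact. Column value 0 in the subtree is
# only a placeholder because that position is wildcarded.
ROW_MASK = b"\xff\xa0"

# View A (constructed): every column of the row with ifIndex 2, nothing else.
ROW2_ONLY = [ViewFamily(IF_ENTRY + (0, 2), ROW_MASK, included=True)]

# View B (constructed): whole ifTable, but the row with ifIndex 1 excluded.
# The excluded family has the longer subtree, so it wins for row 1 only.
TABLE_MINUS_ROW1 = [
    ViewFamily(IF_ENTRY, b"", included=True),
    ViewFamily(IF_ENTRY + (0, 1), ROW_MASK, included=False),
]


if __name__ == "__main__":
    views = (("row2-only", ROW2_ONLY), ("table-minus-row1", TABLE_MINUS_ROW1))
    for name, view in views:
        for oid in (IF_ENTRY + (2, 1), IF_ENTRY + (2, 2), IF_ENTRY + (5, 3)):
            print(name, ".".join(map(str, oid)), "index", row_index(oid),
                  "allowed" if oid_in_view(view, oid) else "denied")
```

The mask trick only works because ifIndex is the sole index and sits at a fixed position after the column sub-identifier; for tables whose index is a variable-length string or a multi-part key, the per-manager separation has to come from one of the other mechanisms the message lists (separate contexts or an owner column), which is the practical limitation being described.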