[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Review: IESG Agenda and Package for January 22, 2004 Telechat
- To: Keith McCloghrie <firstname.lastname@example.org>
- Subject: Re: Review: IESG Agenda and Package for January 22, 2004 Telechat
- From: Juergen Schoenwaelder <email@example.com>
- Date: Thu, 22 Jan 2004 17:51:15 +0100
- Cc: "\"Romascanu, Dan (Dan)\"" <firstname.lastname@example.org>, "\"Wijnen, Bert (Bert)\"" <email@example.com>, "\"Mreview (E-mail)\"" <firstname.lastname@example.org>, email@example.com
- In-reply-to: <200401221621.IAA00666@cisco.com>
- Mail-followup-to: Keith McCloghrie <firstname.lastname@example.org>, "\"Romascanu, Dan (Dan)\"" <email@example.com>, "\"Wijnen, Bert (Bert)\"" <firstname.lastname@example.org>, "\"Mreview (E-mail)\"" <email@example.com>, firstname.lastname@example.org
- References: <AAB4B3D3CF0F454F98272CBE187FDE2F04259B56@is0004avexu1.global.avaya.com> <200401221621.IAA00666@cisco.com>
- Reply-to: email@example.com
- User-agent: Mutt/188.8.131.52+cvs20040105i
On Thu, Jan 22, 2004 at 08:21:26AM -0800, Keith McCloghrie wrote:
> SNMP community strings are not passwords. A better analogy is that a
> SNMP community string is like a groupname to which multiple users
> belong. RFC 1157 says:
> An SNMP message originated by an SNMP application entity that in fact
> belongs to the SNMP community named by the community component of
> said message is called an authentic SNMP message. The set of rules
> by which an SNMP message is identified as an authentic SNMP message
> for a particular SNMP community is called an authentication scheme.
> ... Some SNMP implementations may wish to support only a trivial
> authentication service that identifies all SNMP messages as
> authentic SNMP messages.
> So, with trivial authentication, the community string identifies a group
> of originators, and any message which correctly identifies the group is
> automatically authentic.
The quoted text talks several times about "authentication" of SNMP
messages. For most people, a string that is used to "authenticate"
a message is considered to be a password, regardless whether this
string is to be shared by a group or not.
BTW, when I read the first time RFC 1157 many years ago, the concept
of communities was the most puzzling thing for me to understand. It
took some time until I realized that these are just passwords. ;-)
Juergen Schoenwaelder International University Bremen
<http://www.eecs.iu-bremen.de/> P.O. Box 750 561, 28725 Bremen, Germany