RE: [ipcdn] draft-ietf-ipcdn-device-mibv2-01.txt
At 03:27 AM 4/22/2002, Wijnen, Bert (Bert) wrote:
>I am working on a revised text for the guideline.
I object to the last statement in Ran's text proposal.
It is one thing to point out the security vulnerabilities
of SNMPv1 and SNMPv2c, but it is another thing to mandate
the use of SNMPv3 (in the boilerplate section of a MIB
document). In any case, such important normative text
should not be buried in the intro section of each MIB.
I do not object to mandating specific functionality.
I object to mandating a specific solution for achieving
that functionality.
The following boilerplate statement seems to mandate features
not required for security:
SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPSec), even then, there is no
control as to who on the secure network is allowed to access and
GET/SET (read/change/create/delete) the objects in this MIB.
This statement seems to suggest that implementations must differentiate
operations by security user (i.e., use VACM and USM).
I think such features should not be mandated. SNMPv1(2c) over IPSEC should
be considered secure enough.
>Bert
Andy
>> -----Original Message-----
>> From: RJ Atkinson [mailto:rja@extremenetworks.com]
>> Sent: Thursday, April 18, 2002 7:13 PM
>> To: Woundy, Richard
>> Cc: 'mibs@ops.ietf.org'; IPCDN (E-mail)
>> Subject: Re: [ipcdn] draft-ietf-ipcdn-device-mibv2-01.txt
>>
>> On Thursday, April 18, 2002, at 12:59 , Woundy, Richard wrote:
>>
>> > Folks,
>> >
>> > The current Security Guidelines uses the following text to warn against
>> > using SNMPv1:
>> >
>> > SNMPv1 by itself is not a secure environment. Even if the network
>> > itself is secure (for example by using IPSec), even then, there is no
>> > control as to who on the secure network is allowed to access and
>> > GET/SET (read/change/create/delete) the objects in this MIB.
>> >
>> > Shouldn't this text also point out that SNMPv2c suffers from the same
>> > security vulnerabilities? Note that SNMPv2c is explicitly mentioned in
>> > the standard MIB boilerplate <http://www.ops.ietf.org/mib-boilerplate.html>.
>>
>> Thanks.
>>
>> MIB Folks,
>>
>> It should also explicitly note that SNMPv1 and SNMPv2c both use clear-text
>> disclosing passwords -- which are not considered to provide acceptable
>> security for an IETF protocol.
>>
>> We need to start having MIBs mandate that implementers implement SNMPv3
>> now that it has advanced to Full Standard, IMHO.
>>
>> Ran
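The disagreement above turns on what "control as to who on the secure network is allowed to access and GET/SET the objects" actually requires. In SNMPv3 that control is the View-based Access Control Model (VACM, RFC 3415): the security model and security name from the message select a group, the group and security level select an access entry, and the access entry names a MIB view that decides per object. The following Python is an added, simplified model of that decision written for this thread; it is not code from the draft, the MIB boilerplate, or any of the posters. The group, access and view tables it configures are constructed examples, and 1.3.6.1.4.1.99999 is a made-up enterprise subtree, not a registered one. It also shows why a v1/v2c community on its own cannot meet a securityLevel requirement: a community is always noAuthNoPriv.

```python
"""Simplified model of the View-based Access Control Model (VACM, RFC 3415).

Added illustration for this thread; not code from the draft, the boilerplate
or any poster. Decision chain modelled:
(securityModel, securityName) -> group -> access entry -> MIB view -> verdict.
All table contents are constructed; 1.3.6.1.4.1.99999 is a made-up subtree.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OID = Tuple[int, ...]

# SnmpSecurityModel values (RFC 3411): SNMPv1(1), SNMPv2c(2), USM(3); 0 = any
ANY_MODEL, SNMPV1, SNMPV2C, USM = 0, 1, 2, 3
# SnmpSecurityLevel values (RFC 3411)
NOAUTH_NOPRIV, AUTH_NOPRIV, AUTH_PRIV = 1, 2, 3


def oid(dotted: str) -> OID:
    """Parse a dotted OID string into a tuple of sub-identifiers."""
    return tuple(int(x) for x in dotted.split("."))


@dataclass(frozen=True)
class ViewTreeFamily:
    """One row of vacmViewTreeFamilyTable: subtree, bit mask, included/excluded."""
    view_name: str
    subtree: OID
    mask: bytes        # bit i set: position i must match; clear: wildcard
    included: bool

    def _mask_bit(self, i: int) -> int:
        # Bits beyond the end of the mask are treated as 1 (RFC 3415).
        if i // 8 >= len(self.mask):
            return 1
        return (self.mask[i // 8] >> (7 - i % 8)) & 1

    def matches(self, name: OID) -> bool:
        if len(name) < len(self.subtree):
            return False
        return all(self._mask_bit(i) == 0 or name[i] == sub
                   for i, sub in enumerate(self.subtree))


@dataclass(frozen=True)
class AccessEntry:
    """One row of vacmAccessTable (contextMatch 'exact' only, for brevity)."""
    group: str
    context: str
    security_model: int   # ANY_MODEL or a specific model
    security_level: int   # minimum level the requester must present
    read_view: str        # "" means no view configured
    write_view: str


class Vacm:
    def __init__(self, groups: Dict[Tuple[int, str], str],
                 access: List[AccessEntry], families: List[ViewTreeFamily]):
        self.groups = groups        # vacmSecurityToGroupTable
        self.access = access
        self.families = families

    def _in_view(self, view_name: str, name: OID) -> Optional[bool]:
        """None if the view has no rows; else the verdict of the best-matching row
        (longest subtree wins, ties broken by lexicographically greatest)."""
        rows = [f for f in self.families if f.view_name == view_name]
        if not rows:
            return None
        hits = [f for f in rows if f.matches(name)]
        if not hits:
            return False
        best = max(hits, key=lambda f: (len(f.subtree), f.subtree))
        return best.included

    def is_access_allowed(self, model: int, sec_name: str, level: int,
                          write: bool, context: str, name: OID) -> str:
        """Return a status string modelled on RFC 3415 isAccessAllowed()."""
        group = self.groups.get((model, sec_name))
        if group is None:
            return "noGroupName"
        candidates = [a for a in self.access
                      if a.group == group and a.context == context
                      and a.security_model in (ANY_MODEL, model)
                      and a.security_level <= level]
        if not candidates:
            return "noAccessEntry"
        # Prefer an entry naming this exact securityModel, then the highest level.
        best = max(candidates,
                   key=lambda a: (a.security_model != ANY_MODEL, a.security_level))
        view = best.write_view if write else best.read_view
        verdict = self._in_view(view, name) if view else None
        if verdict is None:
            return "noSuchView"
        return "accessAllowed" if verdict else "notInView"


def demo_agent() -> Vacm:
    """Constructed configuration: a read-only community plus one SNMPv3 user."""
    groups = {
        (SNMPV1, "public"): "everyone",   # community string acts as securityName
        (SNMPV2C, "public"): "everyone",
        (USM, "operator"): "admins",      # USM user, authenticated and encrypted
    }
    access = [
        AccessEntry("everyone", "", ANY_MODEL, NOAUTH_NOPRIV, "ro", ""),
        AccessEntry("admins", "", USM, AUTH_PRIV, "all", "allButSecrets"),
    ]
    families = [
        ViewTreeFamily("ro", oid("1.3.6.1.2.1.1"), b"", True),   # system group
        # ifEntry rows for ifIndex 1 only: mask 0xFF 0xA0 wildcards the column (pos 9)
        ViewTreeFamily("ro", oid("1.3.6.1.2.1.2.2.1.0.1"), b"\xff\xa0", True),
        ViewTreeFamily("all", oid("1.3.6.1"), b"", True),
        ViewTreeFamily("allButSecrets", oid("1.3.6.1"), b"", True),
        ViewTreeFamily("allButSecrets", oid("1.3.6.1.4.1.99999.1"), b"", False),
    ]
    return Vacm(groups, access, families)


if __name__ == "__main__":
    v = demo_agent()
    print(v.is_access_allowed(SNMPV1, "public", NOAUTH_NOPRIV, True, "", oid("1.3.6.1.2.1.1.5.0")))
```

Running it, the community "public" can read the system group and the ifIndex 1 rows but gets noSuchView on any SET, because no write view is configured for its group; the USM user gets accessAllowed for a SET on sysName.0 but notInView for the excluded vendor subtree, and gets noAccessEntry if it presents noAuthNoPriv, since its access entry demands authPriv. That last case is the part a v1/v2c community cannot express, which is the distinction the thread is arguing about.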