[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Updating the MIB security guidelines

To: mibs@ops.ietf.org
Subject: RE: Updating the MIB security guidelines
From: Randy Presuhn <rpresuhn@dorothy.bmc.com>
Date: Thu, 2 Jan 2003 12:04:26 -0800 (PST)

Hi -

> Date: Tue, 31 Dec 2002 13:41:42 -0800 (PST)
> From: "C. M. Heard" <heard@pobox.com>
> To: mibs@ops.ietf.org
> Subject: RE: Updating the MIB security guidelines
> In-Reply-To: <200212311953.LAA03899@dorothy.bmc.com>
> Message-ID: <Pine.LNX.4.10.10212311335130.29916-100000@shell4.bayarea.net>
...
> I'm not sure it's really necessary, but if you insist, we could fix
> this too by changing the words "encrypt the values" to "encrypt the
> values and names" in the third setion.  It would then say:
...

I'd rather NOT see such a change.  My concerns are from the
perspective of the access control policy's effect on who is
permitted to learn the index values.  Whether that policy
requires encryption of the responses on the wire follows as
a matter of course.  (For example, a security administrator
shouldn't permit "public" to walk a table with "revealing"
indexes, even if a privacy protocol would be in use.)

 ------------------------------------------------------
 Randy Presuhn          BMC Software, Inc.  SJC-1.3141
 randy_presuhn@bmc.com  2141 North First Street
 Tel: +1 408 546-1006   San José, California 95131  USA
 ------------------------------------------------------
 My opinions and BMC's are independent variables.
 ------------------------------------------------------

Follow-Ups:
- RE: Updating the MIB security guidelines
  - From: "C. M. Heard" <heard@pobox.com>

Prev by Date: Re: Updating the MIB security guidelines
Next by Date: Re: Updating the MIB security guidelines
Previous by thread: Re: Updating the MIB security guidelines
Next by thread: RE: Updating the MIB security guidelines
Index(es):
- Date
- Thread