[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: architecture and security

To: "Netconf \(E-mail\)" <netconf@ops.ietf.org>
Subject: Re: architecture and security
From: "Randy Presuhn" <randy_presuhn@mindspring.com>
Date: Mon, 10 Apr 2006 13:31:59 -0700
References: <Pine.LNX.4.10.10604101214000.13053-100000@shell4.bayarea.net>

Hi -

> From: "David T. Perkins" <dperkins@dsperkins.com>
> To: "Randy Presuhn" <randy_presuhn@mindspring.com>
> Cc: "Netconf (E-mail)" <netconf@ops.ietf.org>
> Sent: Monday, April 10, 2006 12:19 PM
> Subject: Re: architecture and security
...
> Consider ifNumber. If a device has, say, 4 interfaces,
> but only a single one allows access to management info,
> then it appears that the management info is incorrect,
> since ifNumber will be 4 but only one interface is
> in the table.

No, it means only one interface could be accessed.
Since my ATM card allows me to access only three
accounts, would it be reasonable to conclude that my
bank only has three customer accounts?  Of course not.
We should not see inconsistancy where there are merely
unwarranted inferences.

> If you go through all MIB modules and try to set up
> VACM so that a limited set of info is available, then
> you will most likely end up with a set of management
> info that is accessible that appears is coming
> from a broken SNMP agent. 
...

More likely, an application that is making inferences that
are not justified.

Randy


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

References:
- Re: architecture and security
  - From: "David T. Perkins" <dperkins@dsperkins.com>

Prev by Date: Re: architecture and security
Next by Date: RE: architecture and security
Previous by thread: Re: architecture and security
Next by thread: Re: architecture and security
Index(es):
- Date
- Thread