Re: A few potential requirements




    > So a requirement to have multiple privilege levels on the device
    > itself is unnecessary? Just asking to make sure that is what is
    > implied.

I'd meant the privilege levels to be on the device itself, yes.  I'm
assuming that we can't rely upon any intermediaries, since we may be
talking directly to the device, from a dumb terminal.  So the device has
to understand any access controls explicitly.

    > However, a stronger requirement than "looking like SMTP" is that it
    > should also be over a secure, authenticated, encrypted method to
    > connect to the network device AND transfer the configuration
    > file/commands to and from the device.

I'm for requiring that vendors provide a reasonable secure method for
across-the-network configuration.  I'd prefer to see ssh/scp, but I'm not
religious about it.  But I strongly feel that this is secondary to making
sure I can get into the box with whatever tools I have at hand.  Meaning
that I must first have telnet before I require SSH.  And I have to be able
to get in from a TTY with a serial cable, and no crypto smarts at all.

Do you agree on that, or do you mean that you want _only_ encrypted
channels into the box?  That would rule out craft ports.


                                -Bill