RE: Begin last call on draft-ietf-opsec-infrastructtre-security-01



Section 5.1.1 mentions the following example:

   Second, the operator should
   utilize the services access control mechanisms to limit the access to
   the devices service to only required sources.  Examples of per
   service security are using virtual terminal access control lists, or
   SNMP Community access control lists.

The community concept was relevant for the old and now Historic SNMPv1
and was considered a very loose security mechanism at best. I suggest a
more generic formulation that would refer to the current SNMP security
mechanisms: 

   Second, the operator should
   utilize the services access control mechanisms to limit the access to
   the devices service to only required sources.  Examples of per
   service security are using virtual terminal access control lists, or
   Management Information Base (MIB) objects used to allow the
   remote configuration of access control policies for MIB objects
   accessed by SNMP.
 
Dan


> -----Original Message-----
> From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On 
> Behalf Of patrick cain
> Sent: Monday, June 11, 2007 7:19 AM
> To: opsec@ops.ietf.org
> Subject: Begin last call on 
> draft-ietf-opsec-infrastructtre-security-01
> 
> Hi,
> 
> This is a call to begin a WG last call on the above mentioned draft.
> The last call will end in two weeks, around June 26, 2007.
> 
> The only comments I have seen in the past were on section 6, 
> and I haven't seen anyone offer replacement working for the 
> contentious sentence. I have seen a couple people complain 
> and a larger set of people state that they actually do it, 
> which leads me to believe that we have reasonable consensus 
> from the operators on the issue.
> 
> Pat Cain
>