Hi - > From: "Juergen Schoenwaelder" <[EMAIL PROTECTED]> > To: "Randy Presuhn" <[EMAIL PROTECTED]> > Cc: "General Area Review Team" <[email protected]>; <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Sent: Wednesday, June 25, 2008 1:02 PM > Subject: Re: [OPSAWG] Gen-ART > LCreviewofdraft-ietf-opsawg-snmp-engineid-discovery-02.txt ... > > The recommended VACM configuration in appendix A of RFC 3415 gives > > noAuthNoPriv read access to this information anyway. > > Not necessarily if you choose an "initial-no-access-configuration" (or > I am misreading the A.1 item 5).
True, though the "initial-no-access-configuration" is in some ways a pathological case. It begs the question of how the system *ever* comes to be managed. :-) I'm still not persuaded that SnmpEngineIDs should be regarded as sensitive information in general. With USM, they show up on the wire in the clear, perhaps revealing the most in the case of notifications. (msgAuthoritativeEngineID in the UsmSecurityParameters carried as msgSecurityParameters of SNMPv3Message) Randy _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
