On Thu, Jun 26, 2008 at 08:56:14AM +0800, David Harrington wrote: > I think the benefit to operators is greater than the risk of giving > the same benefit to attackers. I am not convinced this information is > sensitive.
I though security considerations should spell out potential risks so that people deploying technology can think about them and take an informed decision. How can we claim that we understand the benefit risk trade-offs? An an editor, I need to understand the WG consensus. I currently see three options on the table: a) document the potential information leakage associated with snmpEngineID discovery b) declare that this potential information leakage is a feature that is RECOMMENDED to support c) remove all discussion about this issue and simply stay silent, following the spirit of the USM standard /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
