a+b dbh
> -----Original Message----- > From: Juergen Schoenwaelder > [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 26, 2008 4:00 PM > To: David Harrington > Cc: 'Randy Presuhn'; 'General Area Review Team'; > [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: Re: > [OPSAWG]Gen-ARTLCreviewofdraft-ietf-opsawg-snmp-engineid-disco > very-02.txt > > On Thu, Jun 26, 2008 at 08:56:14AM +0800, David Harrington wrote: > > > I think the benefit to operators is greater than the risk of giving > > the same benefit to attackers. I am not convinced this > information is > > sensitive. > > I though security considerations should spell out potential risks so > that people deploying technology can think about them and take an > informed decision. How can we claim that we understand the benefit > risk trade-offs? > > An an editor, I need to understand the WG consensus. I currently see > three options on the table: > > a) document the potential information leakage associated with > snmpEngineID discovery > > b) declare that this potential information leakage is a feature that > is RECOMMENDED to support > > c) remove all discussion about this issue and simply stay silent, > following the spirit of the USM standard > > /js > > -- > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany > Fax: +49 421 200 3103 <http://www.jacobs-university.de/> > _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
