Thanks Wes. That is what I thought. Regards, Pablo
> -----Original Message----- > From: Wes Hardaker [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 07, 2007 1:33 PM > To: Passera Pablo-APP015 > Cc: net-snmp-coders@lists.sourceforge.net > Subject: Re: usm_check_secLevel and RFC3414 > > >>>>> "PP" == Passera Pablo-APP <Passera> writes: > > PP> My question is, is this a correct interpretation of the > RFC? Or the > PP> correct action would be to compare the security levels > and if those > PP> don't match then discard the packet? (in the later case > the packet > PP> shall arrive with exactly the same security level than > the user in > PP> the USM > PP> table) > > That isn't correct thinking. That point in the RFC is > attempting to make sure that a user doesn't try to receive a > encrypted packet (for > example) when it doesn't support an encryption protocol (IE, > if none was configured for it). > > It is not trying to imply policy with what level of > protection a packet must have to arrive for that user. > That's the job of the VACM. > -- > Wes Hardaker > Sparta, Inc. > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
