Magnus Fromreide <ma...@lysator.liu.se> writes:

> I suppose the default value of the access control is "auth", the man
> page didn't say what the effects of that was?
> 
> I think this is a bad idea as a default since that works against the
> "secure by default" ideal - if someone want to loosen restrictions
> then they should have to ask for that.
> 
> Now, I do appreciate that changing this might break the setup for some
> people but on the other hand it probably will close unintended holes
> for others.

I'd push back rather hard against breaking existing implementations by
changing the default.  As mentioned in the other thread, at the time
that code was put into place the only encryption was DES and because the
U.S. was still pushing hard against export controls of even prototcols
like DES, the general consensus of the SNMPv3 world was encryption was a
"nice" but may not be available everywhere.

If we want to change the default behavior, I'd suggest we instead create
a new token and push that out to all documentation and examples rather
than causing a version update to suddenly make everyone's existing
deployments stop working.

-- 
Wes Hardaker
Please mail all replies to net-snmp-coders@lists.sourceforge.net


_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to