On Fri, Jul 04, 2014 at 11:50:29PM +0900, Hirochika Asai wrote:
>
> The security consideration is fixed according to these changes. Some unclear
> descriptions are also modified.
>
I read this in the security considerations:

    When SNMPv3 strong security is not used, these objects
    should have access of read-only, not read-write.

There is an access mode that is implemented and then there is an access
policy that is runtime configured in VACM. What does this allude to?
I assume the most sensible interpretation is that this sentence tries
to give advice to the security administrator configuring VACM but then
this sentence should be more explicit, e.g.:

    When SNMPv3 strong security is not used, the access control model
    (e.g., the View-based Access Control Model [RFC3415]) should be
    configured to disallow write access.

And perhaps add:

    It is recommended that default access control configurations
    shipped with an implementation exclude write access to these
    objects.

/js

PS: From an SMIv2 perspective, it is odd that the MAX-ACCESS of some
    of the objects has been changed from read-write to read-only but
    it seems the "political climate" overrules what MAX-ACCESS used to
    mean in STD 58.

--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
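
The distinction drawn in the message above, between an implemented MAX-ACCESS and a runtime VACM policy, shown as an added example that is not part of the original message or of the draft under review: a simplified Python model of the RFC 3415 isAccessAllowed decision in which write access needs a non-empty write view. Assumptions: contexts and view masks are omitted, "strong security" is taken to mean authPriv, and all group names, view names and the OID subtree (under the RFC 5612 documentation enterprise number) are constructed.

```python
# Simplified model of the VACM access decision (RFC 3415 isAccessAllowed).
# Contexts and view masks are omitted; every name and OID here is constructed.
LEVELS = {"noAuthNoPriv": 1, "authNoPriv": 2, "authPriv": 3}
PROTECTED = (1, 3, 6, 1, 4, 1, 32473, 1)  # placeholder for "these objects"

# vacmSecurityToGroupTable: (securityModel, securityName) -> groupName
SEC_TO_GROUP = {("v2c", "public"): "monitor", ("usm", "admin"): "operators"}

# vacmAccessTable rows:
# (groupName, securityModel, minimum securityLevel, readView, writeView)
ACCESS = [
    ("monitor", "v2c", "noAuthNoPriv", "all", ""),          # no write view
    ("operators", "usm", "noAuthNoPriv", "all", ""),        # no write view
    ("operators", "usm", "authPriv", "all", "protected"),   # write allowed
]

# vacmViewTreeFamilyTable: viewName -> [(subtree, included?)]
VIEWS = {"all": [((1, 3, 6, 1), True)], "protected": [(PROTECTED, True)]}


def in_view(view, oid):
    """Longest matching subtree decides whether the OID is in the view."""
    best = None
    for subtree, included in VIEWS.get(view, []):
        if oid[:len(subtree)] == subtree:
            if best is None or len(subtree) > len(best[0]):
                best = (subtree, included)
    return best is not None and best[1]


def is_access_allowed(model, name, level, view_type, oid):
    group = SEC_TO_GROUP.get((model, name))
    if group is None:
        return "noGroupName"
    # A row matches when the request's level meets the row's minimum level.
    rows = [r for r in ACCESS
            if r[0] == group and r[1] == model
            and LEVELS[r[2]] <= LEVELS[level]]
    if not rows:
        return "noAccessEntry"
    # Among matching rows, the one with the highest securityLevel is used.
    row = max(rows, key=lambda r: LEVELS[r[2]])
    view = row[3] if view_type == "read" else row[4]
    if not view:  # zero-length view name: access of this type is not configured
        return "noSuchView"
    return "accessAllowed" if in_view(view, oid) else "notInView"
```

Here the write refusal for the weaker security levels comes entirely from the configured access rows, independent of what MAX-ACCESS the MIB module declares for the object.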