On Fri, Aug 29, 2014 at 08:01:32AM -0400, Sam Hartman wrote: > >>>>> "Juergen" == Juergen Schoenwaelder > >>>>> <[email protected]> writes: > > Juergen> At least, we should not confuse 'Abstract Service > Juergen> Interfaces', 'Subsystems', 'Models' and 'extension points' > Juergen> (which is a new concept since so far Models do not have > Juergen> such plugin extension points). > > Hmm, I actually do think USM has several such extension points. > There does seem to be an extension point for an authentication algorithm > in the model already. > > It's been my experience that adding security algorithms without such > extension points does tend to cause problems both in interoperability > because you tend to use much less pprecision when you don't need to > define a clear extension point and in security because that lack of > precision tends to lead to security analysis problems. I've seen this > both in the routing area and with core security protocols. > > I don't have enough SNMP experience to figure out whether the results > will be different here. >
Let me try to clarify my statement. I was trying to say is that we should not use references to RFC 3011 architectural modularity in this discussion since the RFC 3011 modularity concerns subsystems not what happens in modules implementing subsystems. In particular, ISMS was struggling with the fact that the subsystems did not forsee security provided by the transport. What we are discussing here is different from that. /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
