Mmm.. seems I even forget about such updates. OK, I agree we should make that change.
Randy (Bush) do you want me to do that or will you do it? Bert On 11/28/12 4:51 PM, Sean Turner wrote:
The MIB doctors approved a change to MIB security considerations: https://www.ietf.org/mail-archive/web/mib-doctors/current/msg01369.html change here: https://www.ietf.org/mail-archive/web/mib-doctors/current/msg01368.html Need to make the following change in the security considerations: OLD SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). NEW SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. Implementations MUST provide the security features described by the SNMPv3 framework (see [RFC3410]), including full support for authentication and privacy via the User-based Security Model (USM) [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations MAY also provide support for the Transport Security Model (TSM) [RFC5591] in combination with a secure transport such as SSH [RFC5592] or TLS/DTLS [RFC6353]. and add some new informative references: [RFC3414] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 3414, December 2002. [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model", RFC 3826, June 2004. [RFC5591] Harrington, D., and W. Hardaker, "Transport Security Model for the Simple Network Management Protocol (SNMP)", June 2009. [RFC5592] Harrington, D., Saloway, J., and W. Hardaker, "Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)", June 2009. [RFC6353] W. Hardaker, "Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)", July 2011. spt _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
