
Re: Key Management Query/Comments...




Frank Kastenholz says:
> The reason is simple. The purpose of the SNMP is to detect, diagnose,
> and fix network failures. If the key-distribution-protocol fails, how
> can SNMP be used to detect, diagnose, and fix the key-distribution
> protocol? Similarly, if the SNMP manager/agent can not reach a
> key-distribution server to, e.g., validate keys or tickets or whatever,
> then SNMP can not be used to fix other things as well.

It can't if it hasn't prefetched the public keys, but it can easily
get them while the network is still functioning and hold on to them,
thus providing it with the keys for those periods when it ceases to
function. Most SNMP management systems tend to poll the same machines
over and over again, so holding on to them is no big deal.

In our network here at Lehman, we have about 3000 workstations and I'd
guess no more than 4000 managed objects altogether. Assuming 1K per
key, a cache of all the keys for the firm will fit in 4MB of space,
which is fine. Assuming a firm with 100 times the number of managed
objects and you still could fit in a really cheap disk, which will
only get cheaper.

Perry

