[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re : keys visability (was : Re: auditing)
Sara Bitan says:
> I don't see any reason why secret and private keys should be "visible" let
> alone be "modifiable".
it is the other way around. The keys may need to be "modifiable", but
of course by NO MEANS should they be "visible".
When I said "sensitive information" I did not have the keys in mind!
> The only case when you need to modify keys, is when you use manual
> keying. Even in this case, I think we should discuss if SNMP is the best
> way to enter these keys.
Secure SNMP probably would be a "good enough" way, especially if
integrated in the management framework.
> I don't see any problem with having SNMP manage all but keys.
(:-)
> > 2. You either want IPSEC to be managed by SNMP or you don't.
> > In the first case, several crypto-related variables will
> > have to be not only "visible" but "modifiable"...
> > That's life.
Obviously this excludes the keys!
--
Regards,
Uri uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>
References: