Re: Re: keys visibility (was: Re: auditing)



Sara Bitan says:
> I don't see any reason why secret and private keys should be "visible" let 
> alone be "modifiable". 

It is the other way around. The keys may need to be "modifiable", but
of course by NO MEANS should they be "visible".

When I said "sensitive information" I did not have the keys in mind!

> The only case when you need to modify keys, is when you use manual 
> keying. Even in this case, I think we should discuss if SNMP is the best 
> way to enter these keys. 

Secure SNMP probably would be a "good enough" way, especially if
integrated in the management framework.

> I don't see any problem with having SNMP manage all but keys.

(:-)

> > 2. You either want IPSEC to be managed by SNMP or you don't.
> >    In the first case, several crypto-related variables will 
> >    have to be not only "visible" but "modifiable"...
> >    That's life.

Obviously this excludes the keys!
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>

