[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec MIB
In message <9704100418.AA54137@hawpub.watson.ibm.com>, Uri Blumenthal
writes:
>An access to these particular objects should be restricted in
>any case, or these objects may not exist at all. The question
>here is whether the usefulness of these objects justifies
>their existence (and so we should devise a way to remove
>or minimize the exposure), or the benefit is too small
>to bother.
Well, i think that:
a) this is useful mostly for debugging (-> development)
b) why open a potential hole there if it's not going to be used by
your every-day user/admin/whoever
>Of course KMP can be instrumented too... Should it be...?
I believe that mandating KMPs to monitor SNMP variables is
unreasonable (i will admit i have little knowledge of the inner
workings of SNMP). If you make it optional, router vendors will probab
ly
support it.
Current IETF policy requires that every protocol have a MIB, and that
all network elements be manageable via SNMP.
After all, if we can mandate security, others can mandate manageability...