Re: IPSec MIB



	 In message <9704100418.AA54137@hawpub.watson.ibm.com>, Uri Blumenthal 
	writes:
	 >An access to these particular objects should be restricted in
	 >any case, or these objects may not exist at all. The question
	 >here is whether the usefulness of these objects justifies
	 >their existence (and so we should devise a way to remove
	 >or minimize the exposure), or the benefit is too small
	 >to bother.
	 
	 Well, i think that:
	 a) this is useful mostly for debugging (-> development)
	 b) why open a potential hole there if it's not going to be used by
	 your every-day user/admin/whoever
	 
	 >Of course KMP can be instrumented too...  Should it be...?
	 
	 I believe that mandating KMPs to monitor SNMP variables is
	 unreasonable (i will admit i have little knowledge of the inner
	 workings of SNMP). If you make it optional, router vendors will
	 probably support it.

Current IETF policy requires that every protocol have a MIB, and that
all network elements be manageable via SNMP.

After all, if we can mandate security, others can mandate manageability...