[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSEC MIBs?

To: ipsec@tis.com
Subject: RE: IPSEC MIBs?
From: Paul Koning <pkoning@xedia.com>
Date: Thu, 28 May 1998 09:19:58 -0400
References: <250F9C8DEB9ED011A14D08002BE4F64C01959171@wade.reo.dec.com>
Sender: owner-ipsec@ex.tis.com

 -----Original Message----- From: Ran Atkinson
 Ran> [SMTP:rja@inet.org] Sent: Thursday, May 28, 1998 3:11 AM To:
 Ran> Ran Waters Subject: Re: IPSEC MIBs?

 Ran> Doing a useful MIB for IPsec would tend to reduce the
 Ran> security of an IPsec implementation to the min(IPsec
 Ran> security, SNMP security).  The latter (SNMP Security) is
 Ran> generally accepted to be weaker (especially pre-SNMPv3, but
 Ran> even with SNMPv3 in place).

 Ran> I'd suggest that weakening the security of an implementation
 Ran> of a security protocol is probably not a good global
 Ran> optimisation.

True.  But any IPSEC implementation will have management, and any
implementation of IPSEC has the property that it is as strong as its
weakest link.  It strikes me that replacing proprietary MIBs by a
standard MIB can only improve matters.

As Stephen Waters pointed out, quite apart from whatever mechanisms
SNMP itself may have (adequate or not), one can protect SNMP by
carrying it over IPSEC once IPSEC has been bootstrapped using local
management.

	paul

References:

RE: IPSEC MIBs?

From: Stephen Waters <Stephen.Waters@digital.com>

Prev by Date: Re: IPCOMP and IPSEC
Next by Date: RE: IPSEC MIBs?
Prev by thread: RE: IPSEC MIBs?
Next by thread: RE: IPSEC MIBs?
Index(es):
- Main
- Thread