[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf Issue #17: security questions



Greetings,

http://www.snmp.com/snmpconf/mailing-list/msg00661.html has the 
thread in question.

There have been two messages thus far.  That is simply not enough 
to make any judgement on so-called "consensus".  So... I'm going
to give my viewpoint.  Other voices welcome.

*chair hat off, technoweeníe hat on*
 
 I personally believe that it's going to be very difficult to do
 better than the DISMAN folks have done and am inclined to leave
 the security model as it is (since that seems to be what DISMAN
 decided - Juergen?  Randy?).

 There may be reason to wordsmith to some degree, but operating
 under the credentials of the last writer seems to be the right
 thing to do given what I know now.

Wes wrote:
> 1) leave as is.  I don't think this is a good option.
> First off, who is the code is going to be run as shouldn't
> be determined by who wrote the code.

That's not what happens.  Who _wrote_ the code and who _writes_
the code into the code tables are two entirely separate issues.

> Even worse, who wrote
> (updated) the "last segment" of the code even though all the
> other segment was someone else.

Keep in mind, of course, that the code tables are protected by
the VACM.  So, if you only want joe to write to the table, you
can do that.  If you set it up so that both joe and mary are
allowed to write, then you'd better be sure joe and mary know
what they're doing.  I see the VACM as the solution to what
you're describing.

So, I believe we have it right - or the best we can do - already.

With kind regards,

--
David Partain                  David.Partain@ericsson.com
Ericsson Radio Systems AB      Tel:    +46 13 28 41 44
Research and Innovation        Fax:    +46 13 28 75 67
P.O. Box 1248
SE-581 12  Linköping, Sweden