[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: snmpconf Comments on BCP-09



Nit:
> >16) Section 3.12, last para, reference to RFC 2591 is not correct.
> >     Note that RFC 2591 (section 6) is incorrect (or at least
> >     misleading) in its description that implies that VACM
> >     provides per user access control. VACM does not provide
> >     per user, but instead provides per group granularity.
> >     This makes a difference, and renders the last paragraph
> >     in section 3.12 pretty bogus.
> 
> Point taken.  The sentence in the middle now reads:
> 
> If so, an "OwnerString" may be used as the first component of a table's 
> index to allow VACM to be used to protect access to subsets of rows, at 
> least at the level of securityName or groupName provided. RFC 2591 
> [23], Section 6  presents this technique in detail.
> 
Note that RFC2591 has now been obsoleted by RFC3231.

Further...

- Please not that RFc-Editor requires References to be split in
  normative and non-normative these days.
  See: http://www.rfc-editor.org/policy.html towards the bottom

- RFC Editor always worries about refences to web pages.
  How stable are they?

- I see that various other docs (I-Ds) are now RFCs.
  You may want to re-check all your references. I guess they
  were created a long time ago and things may have changed
  (often for the better).

Further, I am not sure if section 6 is meant as the
Security Considerations section. I know that Sec ADs
(and many others) will look for that section. If it is meant
that way, then maybe better name it that way.
Otherwise, add such a section, describe the security
considerations of this document, and also point to sect 6.

I sse that the word MUST is used once (in a quoted piece
of text from INET-ADDRESS-MIB). I think I can live with that
with reference to RFC2119. Not sure if all IESG members
will accept that. You might just want to add the reference
and put some words about the use of such terms in intro
of document.
Bert