PMP Mail Archive: RE: PMP> Posted Last Call draft of Port Mo

PMP Mail Archive: RE: PMP> Posted Last Call draft of Port Mo

RE: PMP> Posted Last Call draft of Port Mon MIB (10 March 2005)

From: Wijnen, Bert (Bert) (bwijnen@lucent.com)
Date: Mon Mar 14 2005 - 05:09:41 EST

  • Next message: McDonald, Ira: "RE: PMP> Posted Last Call draft of Port Mon MIB (10 March 2005)"

    The CommunityString (in SNMPv1 and v2c) is intended as a (albeit)
    weak secret, and not to be a human-consumable string. Such
    has been the case since the origins of SNMP, and it has ALWAYS been
    an OCTET STRING. So any agent (and manager) is supposed to be
    able to handle any octet value (also those that are NOT in the
    NVT ASCII set). ANd by using a DisplayString in your MIB module,
    you seem to be telling compliant implementations that they
    would not be compliant with your MIB module.

    Does this help?

    In general, I do not think that using community strings is wise at
    all in this world. But ymmv.

    Bert

    > -----Original Message-----
    > From: McDonald, Ira [mailto:imcdonald@sharplabs.com]
    > Sent: Monday, March 14, 2005 04:49
    > To: 'Wijnen, Bert (Bert)'; McDonald, Ira; 'pmp@pwg.org'; 'pwg@pwg.org'
    > Subject: RE: PMP> Posted Last Call draft of Port Mon MIB (10
    > March 2005)
    >
    >
    > Hi Bert,
    >
    > I think we need some technical advice here about the syntax of
    > SNMP community strings. You said recently (in this thread):
    >
    > "Well, there maybe broken SNMP implementation that only
    > accept ASCII for
    > community string. But I think you are now swinging the other way to
    > not accept compliant SNMP implementations that DO accept non-ascii
    > charatcers in community string."
    >
    > In the Printer Port Monitor MIB, I made our community string object
    > have a syntax of 'DisplayString' (NVT-ASCII).
    >
    > Strangely, in the SNMP-COMMUNITY-MIB (RFC 3854), they use a syntax
    > of 'OCTET STRING'. Which seems the worst of all possible worlds.
    > Since the charset is completely ambiguous, it's impossible to
    > display to users. Several years ago on the SNMPv3 list I argued
    > (unsuccessfully) that the syntax should be 'SnmpAdminString',
    > so that meaningful user display was possible. I remain unpersuaded
    > that mixing charsets across an enterprise network for community
    > strings can possibly ever be beneficial.
    >
    > Care to offer us some advice?
    >
    > Cheers,
    > - Ira
    >
    > Ira McDonald (Musician / Software Architect)
    > Blue Roof Music / High North Inc
    > PO Box 221 Grand Marais, MI 49839
    > phone: +1-906-494-2434
    > email: imcdonald@sharplabs.com
    >



    This archive was generated by hypermail 2b29 : Mon Mar 14 2005 - 05:10:07 EST