Hi,
This I-D describes specific minor changes to SNMPv3 to
use existing external AAA servers (used in dialup and CLI
authentication today) for key distribution and management,
using standard protocols.
Worth reading.
Cheers,
- Ira McDonald
High North Inc
-----Original Message-----
From: sbsm-bounces@machshav.com [mailto:sbsm-bounces@machshav.com]On Behalf
Of Kaushik Narayan
Sent: Wednesday, July 14, 2004 1:20 PM
To: sbsm@machshav.com
Cc: chris Elliott; jsalowey@cisco.com; kzm@cisco.com
Subject: [Sbsm] External User Security Model (EUSM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
Title :
External User Security Model (EUSM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
Author(s) :
K. Narayan, et al.
Filename :
draft-kaushik-snmp-external-usm-00.txt
Pages :
23
Date :
2004-7-13
SNMPv3 provides a framework for user identity based authentication,
privacy and granular access control. SNMPv3 aids secure
manageability
and overcomes one of major drawbacks in previous versions of
the SNMP
standard. There has been a significant lack of uptake for
deployment
of SNMPv3, and a number of organizations are still using
SNMPv1/SNMPv2c. This is because SNMPv3 does not integrate
well with
administrative security schemes defined for existing
management
interfaces like the device command line interfaces. We
believe this
is because the SNMPv3 standard does not address the issue of
management and distribution of the keying material for
SNMP.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-kaushik-snmp-external-usm-00.txt
To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request at ietf.org with the word unsubscribe in the body of
the message.
You can also visit
https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.
Internet-Drafts are also available by anonymous FTP. Login with the
username
"anonymous" and a password of your e-mail address. After
logging in,
type "cd internet-drafts" and then
"get
draft-kaushik-snmp-external-usm-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or
ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv
at ietf.org.
In the body type:
"FILE
/internet-drafts/draft-kaushik-snmp-external-usm-00.txt".
NOTE: The mail server at ietf.org can
return the document in
MIME-encoded
form by using the "mpack" utility. To use this
feature,
insert the command "ENCODING mime" before the
"FILE"
command.
To decode the response(s), you will need "munpack" or
a
MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit
different behavior, especially when dealing with
"multipart"
MIME messages (i.e. documents which have been split
up into
multiple messages), so check your local documentation on
how to
manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-kaushik-snmp-external-usm-00.txt>
This archive was generated by hypermail 2b29 : Wed Jul 14 2004 - 13:49:35 EDT