At 02:00 PM 9/6/2005, Dave Crocker wrote:

Eliot,

I need your help to correct for an impending mistake by the ISMS
working group in the IETF.

Your note is clear and logical, and seems quite compelling.

Is there any chance of getting a proponent of the working group's
decision to post a defense?

(By the way, I am awestruck at the potential impact of changing SNMP
from UDP-based to TCP-based, given the extensive debates that took
place about this when SNMP was originally developed. Has THIS
decision been subject to adequate external review, preferably
including a pass by the IAB?)

I agree the argument is well laid out, and would be interested in
hearing the thinking of ISMS in response.

I'm more than a bit concerned, however, when folks start talking
about solutions that will permit things to pass through firewalls
without configuration. Those in charge of firewalls are often
purposely setting policy. If there is a perceived need for a policy
that prevents SNMP traffic, then it should remain possible for the
administrator of that network element to make that call. I must say I
have some concern with overlaying SNMP on SSH, since that precludes
the firewall knowing whether the traffic is general SSH keyboard
traffic or network management.

Let's hear more about the thinking involved.