Hi, Wes,
All of these work for me - and thanks for the explanations.
Thanks especially for the change to 6 - I was thinking "gotta get my eyes
checked!" ...
Spencer
2 WONTDO 3.1.1. Threats
~~~~~~~~~~~~~~~~~~~~~~~~~
SD> Oh, I agree that you shouldn't delete it, especially since you
SD> confirmed that it's normative. I was hoping for something a little
SD> more precise (like, naming a mandatory-to-implement non-NULL
SD> encryption cipher suite :-) and I'm now wondering why it's not a
SD> MUST/MUST unless X. But do the right thing ;-).
The idea was to leave algorithm requirements up to the base-protocols.
SNMP has a long history of not mandating encryption (for reasons that
are historic and probably no longer valid), and we didn't want to change
that. Hence the SHOULD.
Anyway, I'll leave it as is and consider this "closed". Thanks!
[similarly for the 2119 issue]
6 DONE 2) continued:
~~~~~~~~~~~~~~~~~~~~~
If the connection is being established for reasons
other than configuration found in the SNMP-TARGET-MIB
then configuration and procedures outside the scope of
this document should be followed. Configuration
SD> I'm easily confused, but isn't this sentence word-for-word what the
SD> original text said? :D
Um, whoops. Wrong copy/paste apparently. I should have quoted this:
If the connection is being established from configuration based
on SNMP-TARGET-MIB configuration, then the snmpTlstmAddrTable
DESCRIPTION clause describes how the verification is done (using
either a certificate fingerprint, or an identity authenticated
via certification path validation).
Which spells out more clearly "configuration based on" instead of
"reasons".
SD> If this is clear to those skilled in the art, no problem. I'm just
SD> telling you I can't parse it!
No, I'm sure it's confusing to anyone without a strong background in how
the SNMP-TARGET-MIB works in SNMP. We've tried to make it clean but I'm
more than certain to someone without knowledge of how the
SNMP-TARGET-MIB works you'd get quickly lost.
--
Wes Hardaker
Cobham Analytic Solutions
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf