adnan@sgtech.UUCP (Adnan Yaqub) (02/07/90)
In reading the SNMP RFCs I find mention of authentication of PDUs. Are there any standards for authentication mechanisms? For example, if I make a widget which has an SNMP agent in it, how should I treat the issue of authentication so as to maximize the number of communities in which my product can be sold? Are most networks going to do trivial (read: no) authentication? What does the NYSERnet (What's their new name? Performance something or another?) code do?

IMHO it seems dangerous to run a network with trivial authentication, and thus allow complete strangers to reboot network entities at will.

--
Adnan Yaqub
Star Gate Technologies, 29300 Aurora Rd., Solon, OH, USA, +1 216 349 1860
...cwjcc!ncoast!sgtech!adnan ...uunet!abvax!sgtech!adnan

galvin@TIS.COM (James M Galvin) (02/16/90)
> In reading the SNMP RFCs I find mention of authentication of PDUs. Are
> there any standards for authentication mechanisms?

I have not seen a reply on the TCP-IP list, so let me do that.

There is currently work in progress, which is closing fast, to define 3 authentication mechanisms. The first is just a recasting of the trivial authentication identified in the SNMP specification. The remaining two are an integrity mechanism and a mechanism that supports both integrity and confidentiality.

The draft of the first document is available via anonymous FTP from nic.ddn.mil in the internet-drafts: directory. You cannot miss it.

There are 2 supporting documents to the specification that will be appearing shortly. They were all distributed at the IETF meeting last week. Following some final editing they will also become Internet drafts. The 3 documents could be described as follows:

1. How to do integrity and confidentiality assuming the existence of the necessary secrets (for example the cryptographic key).
2. How to distribute the necessary secrets.
3. What MIB objects are useful to documents 1 and 2.

Jim

PS. I am one of the authors of all three documents.