From mailman-bounces@ietf.org Sat Jan 1 05:57:01 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA08702 for ; Sat, 1 Jan 2005 05:57:01 -0500 (EST) Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Ckh8B-000767-1v for ips-web-archive@ietf.org; Sat, 01 Jan 2005 06:09:11 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CkgEk-00070p-Ly for ips-web-archive@ietf.org; Sat, 01 Jan 2005 05:11:54 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: ietf.org mailing list memberships reminder From: mailman-owner@ietf.org To: ips-web-archive@ietf.org X-No-Archive: yes Message-ID: Date: Sat, 01 Jan 2005 05:03:13 -0500 Precedence: bulk X-BeenThere: mailman@lists.ietf.org X-Mailman-Version: 2.1.5 List-Id: Mailman site list X-List-Administrivia: yes Sender: mailman-bounces@ietf.org Errors-To: mailman-bounces@ietf.org X-Spam-Score: 0.3 (/) X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5 Content-Transfer-Encoding: 7bit This is a reminder, sent out once a month, about your ietf.org mailing list memberships. It includes your subscription info and how to use it to change it or unsubscribe from a list. You can visit the URLs to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. In addition to the URL interfaces, you can also use email to make such changes. For more info, send a message to the '-request' address of the list (for example, mailman-request@ietf.org) containing just the word 'help' in the message body, and an email message will be sent to you with instructions. ********************************************************************** NOTE WELL: Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to: o the IETF plenary session, o any IETF working group or portion thereof, o the IESG, or any member thereof on behalf of the IESG, o the IAB or any member thereof on behalf of the IAB, o any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices, o the RFC Editor or the Internet-Drafts function All IETF Contributions are subject to the rules of RFC 3667 and RFC 3668. Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. Please consult RFC 3667 for details. ******************************************************************************* If you have questions, problems, comments, etc, send them to mailman-owner@ietf.org. Thanks! Passwords for ips-web-archive@ietf.org: List Password // URL ---- -------- ips@ietf.org epceek https://www1.ietf.org/mailman/options/ips/ips-web-archive%40ietf.org From ips-bounces@ietf.org Fri Jan 7 20:35:08 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA15870 for ; Fri, 7 Jan 2005 20:35:08 -0500 (EST) Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Cn5iZ-0005z6-A7 for ips-web-archive@ietf.org; Fri, 07 Jan 2005 20:48:42 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Cn5RB-0003WF-3i; Fri, 07 Jan 2005 20:30:41 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Cn5Q6-0003AB-0C for ips@megatron.ietf.org; Fri, 07 Jan 2005 20:29:34 -0500 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA15658 for ; Fri, 7 Jan 2005 20:29:32 -0500 (EST) Received: from e32.co.us.ibm.com ([32.97.110.130]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Cn5d8-0005Uk-SF for ips@ietf.org; Fri, 07 Jan 2005 20:43:06 -0500 Received: from westrelay02.boulder.ibm.com (westrelay02.boulder.ibm.com [9.17.195.11]) by e32.co.us.ibm.com (8.12.10/8.12.9) with ESMTP id j081SsFJ172042 for ; Fri, 7 Jan 2005 20:28:54 -0500 Received: from d03av02.boulder.ibm.com (d03av02.boulder.ibm.com [9.17.195.168]) by westrelay02.boulder.ibm.com (8.12.10/NCO/VER6.6) with ESMTP id j081Ssr8413652 for ; Fri, 7 Jan 2005 18:28:54 -0700 Received: from d03av02.boulder.ibm.com (loopback [127.0.0.1]) by d03av02.boulder.ibm.com (8.12.11/8.12.11) with ESMTP id j081SrmA003220 for ; Fri, 7 Jan 2005 18:28:53 -0700 Received: from d03nm115.boulder.ibm.com (d03nm115.boulder.ibm.com [9.17.195.141]) by d03av02.boulder.ibm.com (8.12.11/8.12.11) with ESMTP id j081SrBP003217 for ; Fri, 7 Jan 2005 18:28:53 -0700 To: ips@ietf.org MIME-Version: 1.0 Subject: [ips] iSER for SCTP and IB Draft Available X-Mailer: Lotus Notes Release 6.0.2CF1 June 9, 2003 From: John Hufferd Message-ID: Date: Fri, 7 Jan 2005 17:28:28 -0800 X-MIMETrack: Serialize by Router on D03NM115/03/M/IBM(Release 6.51HF338 | June 21, 2004) at 01/07/2005 18:28:53, Serialize complete at 01/07/2005 18:28:53 X-Spam-Score: 0.0 (/) X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f X-BeenThere: ips@ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IP Storage List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1372953587==" Sender: ips-bounces@ietf.org Errors-To: ips-bounces@ietf.org X-Spam-Score: 0.0 (/) X-Scan-Signature: 5a9a1bd6c2d06a21d748b7d0070ddcb8 This is a multipart message in MIME format. --===============1372953587== Content-Type: multipart/alternative; boundary="=_alternative 000801BE88256F83_=" This is a multipart message in MIME format. --=_alternative 000801BE88256F83_= Content-Type: text/plain; charset="US-ASCII" For your information: An INTERNET DRAFT called draft-hufferd-ips-iser-sctp-ib-00.txt authored by John Hufferd, Mike Ko (IBM Corporation), and Yaron Haviv (Voltaire Ltd) Titled "Generalization of iSER for SCTP, Infiniband and other Network Protocols" is now available at the IETF Web Site, both as a TXT and a PDF file. . . John L. Hufferd Senior Technical Staff Member (STSM) IBM/System Group, San Jose CA Main Office: (408) 256-0403, Tie: 276-0403, eFax: (408) 904-4688 Alt Office: (408) 997-6136, Cell: (408) 499-9702 Internet Address: hufferd@us.ibm.com --=_alternative 000801BE88256F83_= Content-Type: text/html; charset="US-ASCII"
For your information:
An INTERNET DRAFT called draft-hufferd-ips-iser-sctp-ib-00.txt authored by John Hufferd, Mike Ko (IBM Corporation), and Yaron Haviv (Voltaire Ltd)  Titled "Generalization of iSER for SCTP, Infiniband and other Network Protocols" is now available at the IETF Web Site, both as a TXT and a PDF file.
.
.
John L. Hufferd
Senior Technical Staff Member (STSM)
IBM/System Group, San Jose CA
Main Office: (408) 256-0403, Tie: 276-0403, eFax: (408) 904-4688
Alt Office: (408) 997-6136, Cell: (408) 499-9702
Internet Address: hufferd@us.ibm.com --=_alternative 000801BE88256F83_=-- --===============1372953587== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ Ips mailing list Ips@ietf.org https://www1.ietf.org/mailman/listinfo/ips --===============1372953587==-- From ips-bounces@ietf.org Thu Jan 27 16:27:54 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA00186 for ; Thu, 27 Jan 2005 16:27:54 -0500 (EST) Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CuHSR-0000IP-8s for ips-web-archive@ietf.org; Thu, 27 Jan 2005 16:45:43 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CuGg2-0002at-6E; Thu, 27 Jan 2005 15:55:42 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CuGej-0001sB-Bx; Thu, 27 Jan 2005 15:54:21 -0500 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA23501; Thu, 27 Jan 2005 15:54:19 -0500 (EST) Message-Id: <200501272054.PAA23501@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Date: Thu, 27 Jan 2005 15:54:18 -0500 Cc: ips@ietf.org Subject: [Ips] I-D ACTION:draft-ietf-ips-auth-mib-06.txt X-BeenThere: ips@ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IP Storage List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: ips-bounces@ietf.org Errors-To: ips-bounces@ietf.org X-Spam-Score: 0.4 (/) X-Scan-Signature: a87a9cdae4ac5d3fbeee75cd0026d632 --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Storage Working Group of the IETF. Title : Definitions of Managed Objects for User Identity Authentication Author(s) : M. Bakke, J. Muchow Filename : draft-ietf-ips-auth-mib-06.txt Pages : 33 Date : 2005-1-27 This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP based internets. In particular it defines objects for managing user identities and the names, addresses, and credentials required manage access control, for use with various protocols. This draft was motivated by the need for the configuration of authorized user identities for the iSCSI protocol, but has been extended to be useful for other protocols that have similar requirements. It is important to note that this MIB module provides only the set of identities to be used within access lists; it is the responsibility of other MIB modules making use of this one to tie them to their own access lists or other authorization control methods. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ips-auth-mib-06.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-ips-auth-mib-06.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-ips-auth-mib-06.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2005-1-27144008.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-ips-auth-mib-06.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-ips-auth-mib-06.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2005-1-27144008.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Content-Transfer-Encoding: 7bit _______________________________________________ Ips mailing list Ips@ietf.org https://www1.ietf.org/mailman/listinfo/ips --NextPart-- From ips-bounces@ietf.org Thu Jan 27 21:50:16 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA26681 for ; Thu, 27 Jan 2005 21:50:16 -0500 (EST) Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CuMUR-0007eh-P0 for ips-web-archive@ietf.org; Thu, 27 Jan 2005 22:08:08 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CuM6V-0004xN-FM; Thu, 27 Jan 2005 21:43:23 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CuM2b-00049O-AC for ips@megatron.ietf.org; Thu, 27 Jan 2005 21:39:21 -0500 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA26149 for ; Thu, 27 Jan 2005 21:39:19 -0500 (EST) Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CuMJq-0007SB-D9 for ips@ietf.org; Thu, 27 Jan 2005 21:57:10 -0500 Received: from sj-core-3.cisco.com (171.68.223.137) by sj-iport-5.cisco.com with ESMTP; 27 Jan 2005 18:39:40 -0800 X-BrightmailFiltered: true X-Brightmail-Tracker: AAAAAA== Received: from cisco.com (sjc-mbakke-vpn1.cisco.com [10.25.101.82]) by sj-core-3.cisco.com (8.12.10/8.12.6) with SMTP id j0S2d8RO025348; Thu, 27 Jan 2005 18:39:09 -0800 (PST) Message-ID: <41F9A5CC.1050104@cisco.com> Date: Thu, 27 Jan 2005 20:39:08 -0600 From: Mark Bakke User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: ips@ietf.org Subject: Re: [Ips] I-D ACTION:draft-ietf-ips-auth-mib-06.txt References: <200501272054.PAA23501@ietf.org> In-Reply-To: <200501272054.PAA23501@ietf.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Scan-Signature: 9af087f15dbdd4c64ae6bbcdbc5b1d44 Content-Transfer-Encoding: 7bit Cc: Michael MacFaden X-BeenThere: ips@ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IP Storage List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: ips-bounces@ietf.org Errors-To: ips-bounces@ietf.org X-Spam-Score: 0.0 (/) X-Scan-Signature: e8c5db863102a3ada84e0cd52a81a79e Content-Transfer-Encoding: 7bit This draft was issued to address Michael MacFaden's MIB doctor review comments. It also addresses a few issues (StorageType and top-level numbering) brought up in the iSCSI MIB review that apply here as well. Here is a brief summary of changes since -05: - IANA Considerations section added requesting OID - Text added to 4.2 to clarify that index values need not be preserved across reboots - Added the use of the StorageType TC for all tables containing RowStatus (this addresses a comment against the iSCSI MIB which also applies here) - Renumbered top level to match Appendix D of draft-ietf-ops-mib-review-guidelines-03.txt - Added DESCRIPTION text to Index attributes to say they need not be preserved across reboots - Updated DESCRIPTIONs on RowStatus attributes - Added REFERENCE fields for ChapUserName, SrpUserName, and KerbPrincipal attributes - Moved CHAP, SRP, and Kerberos references to Normative section And a few administrative changes: - Authors' addresses updated - Authors' phone numbers removed - Dates updated - Updated IPR Notice - Updated first page IPR Notice - Updated copyright statement - Updated references This MIB module passed smilint 0.4.3 with no errors. Diffs between -05 and -06 are available at: ftp://ftpeng.cisco.com/mbakke/ips/auth-mib/auth-mib-diffs-05-06.txt The draft, along with a .mi2 MIB-only (no internet-draft text) file are available at ftp://ftpeng.cisco.com/mbakke/ips/auth-mib/ Mark Internet-Drafts@ietf.org wrote: >A New Internet-Draft is available from the on-line Internet-Drafts directories. >This draft is a work item of the IP Storage Working Group of the IETF. > > Title : Definitions of Managed Objects for User Identity Authentication > Author(s) : M. Bakke, J. Muchow > Filename : draft-ietf-ips-auth-mib-06.txt > Pages : 33 > Date : 2005-1-27 > >This memo defines a portion of the Management Information Base (MIB) > for use with network management protocols in TCP/IP based internets. > In particular it defines objects for managing user identities and the > names, addresses, and credentials required manage access control, for > use with various protocols. This draft was motivated by the need for > the configuration of authorized user identities for the iSCSI > protocol, but has been extended to be useful for other protocols that > have similar requirements. It is important to note that this MIB > module provides only the set of identities to be used within access > lists; it is the responsibility of other MIB modules making use of > this one to tie them to their own access lists or other authorization > control methods. > >A URL for this Internet-Draft is: >http://www.ietf.org/internet-drafts/draft-ietf-ips-auth-mib-06.txt > >To remove yourself from the I-D Announcement list, send a message to >i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. >You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce >to change your subscription settings. > > >Internet-Drafts are also available by anonymous FTP. Login with the username >"anonymous" and a password of your e-mail address. After logging in, >type "cd internet-drafts" and then > "get draft-ietf-ips-auth-mib-06.txt". > >A list of Internet-Drafts directories can be found in >http://www.ietf.org/shadow.html >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > >Internet-Drafts can also be obtained by e-mail. > >Send a message to: > mailserv@ietf.org. >In the body type: > "FILE /internet-drafts/draft-ietf-ips-auth-mib-06.txt". > >NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > >Below is the data which will enable a MIME compliant mail reader >implementation to automatically retrieve the ASCII version of the >Internet-Draft. >------------------------------------------------------------------------- >CONTENT ABOVE THIS LINE IS *NOT* FROM CISCO INFORMATION TECHNOLOGY >------------------------------------------------------------------------- >In order to maintain computing infrastructure integrity, Cisco Systems >Enterprise Messaging Services and InfoSec teams have set a mail policy >disallowing executable attachments in email. > >This message contained an executable attachment type that is prohibited >by this policy. The attachment has been removed from this message and >copied to quarantine by our systems. It will be held in quarantine for >seven days in the event that the content needs to be retrieved. > >Please be aware many viruses attempt to look like legitimate email or >notifications from anti-virus systems. We will clearly mark a seperation >between our notifications and the original email as follows: > > "CONTENT ABOVE THIS LINE IS *NOT* FROM CISCO INFORMATION TECHNOLOGY" > >For further reference information about viruses and email antivirus >efforts within Cisco, please visit: > >http://wwwin.cisco.com/it/ems/services/antiviral > >If your concern isn't addressed by the information in this notification >or the above web page, you may open a support request: > >http://wwwin.cisco.com/support/ > >Select "Messaging", "Email-Related", "Mail Routing" > >Please include in the text of your case the following information: > >* Full headers of the message. Documentation on displaying the full >headers is available at this URL: > >http://wwwin.cisco.com/support/library/faqs/solution002471.html > >* This unique quarantine identifier: j0RLTCoI007790 > >If the matter is urgent, you may follow up by calling one of the below >referenced numbers. Please make every effort to provide the above >requested information via the support web tool prior to calling as it >will greatly aid the resolution of your issue. > >Americas: >1 408 526 8888 > >Asiapac >+61 2 8446 8888 > >EMEA >+31 20 485 4888 > >Japan >+81 3 5549 6888 > >US (Toll Free) >1| 800| 888| 8187| (ext.68888) > >Thank you for your cooperation, > >Enterprise Messaging Services >Cisco Systems, Inc > > >------------------------------------------------------------------------ > >_______________________________________________ >Ips mailing list >Ips@ietf.org >https://www1.ietf.org/mailman/listinfo/ips > > > _______________________________________________ Ips mailing list Ips@ietf.org https://www1.ietf.org/mailman/listinfo/ips From ips-bounces@ietf.org Fri Jan 28 02:57:22 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA03182 for ; Fri, 28 Jan 2005 02:57:21 -0500 (EST) Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CuRHc-0005YY-Qg for ips-web-archive@ietf.org; Fri, 28 Jan 2005 03:15:14 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CuQx0-0006Kk-F0; Fri, 28 Jan 2005 02:53:54 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CuMTg-0001yv-Lb for ips@megatron.ietf.org; Thu, 27 Jan 2005 22:07:20 -0500 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA27632 for ; Thu, 27 Jan 2005 22:07:18 -0500 (EST) Message-Id: <200501280307.WAA27632@ietf.org> Received: from rwcrmhc13.comcast.net ([204.127.198.39]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CuMkw-0007yC-0l for ips@ietf.org; Thu, 27 Jan 2005 22:25:10 -0500 Received: from djyxpy41 (h00104b8ce2a3.ne.client2.attbi.com[24.128.104.220]) by comcast.net (rwcrmhc13) with SMTP id <20050128030648015009lttle>; Fri, 28 Jan 2005 03:06:48 +0000 From: "David B Harrington" To: , Date: Thu, 27 Jan 2005 22:06:44 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thread-Index: AcUE5mVzymr+TIc8TamsmaMLFQRRWw== X-Spam-Score: 0.1 (/) X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Fri, 28 Jan 2005 02:53:49 -0500 Cc: ips@ietf.org Subject: [Ips] IPS Authorization MIB X-BeenThere: ips@ietf.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dbharrington@comcast.net List-Id: IP Storage List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: ips-bounces@ietf.org Errors-To: ips-bounces@ietf.org X-Spam-Score: 0.9 (/) X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1 Content-Transfer-Encoding: 7bit Hi, A few comments after a very quick read: I have some concerns with the whole concept of having a table of security identities and credentials. This is a tremendous security weakness if not properly protected. You should have a LOT of discussion in the text about the security threats to consider and how they can be mitigated. Since you intend this for multipel protocols to share, you will probably need to be really specific about the security protections that any using protocol MUST abide when using this mib module. If any other rotocol has the ability to modify this table, then you should discuss at least all the threats discussed in the SNMPv3 architecture document. Assuming you can address this issue adequately, here are some design specifics to consider: 1) There is a movement afoot to discourage normative references to SMIv1 mib documents. You should try to use normative references to only SMIv2 mib documents if possible; try not to reference RFC1213, for instance. 2) the discussion of ipsAuthInstance mentions a number of ways to partition that data (partitioning, stackables, etc.). In SNMP, contexts serve this purpose. It would probably be a good thing to discuss how contexts would serve this purpose for your mib. Contexts are an important aspect of SNMP security. 3) the index into ipsAuthInstanceAttributesEntry is a part of the public interface (to use an O-O term), which means it is used by management stations. If this can change across reboots, this could be problematic. It is best if this doesn't change across reboots, but if it does, you need to provide a non-changing identifier so management stations can correlate the information. This was done with the IF-MIB to accommodate ifIndex changes on reboots, but has proven difficult and should be avoided if possible, especially on writable tables. If you permit the indicies to change across reboots, you need to limit reuse of indices to prevent the case where a manager reads the table, selects a row to modify (or create), the system reboots, and the manager modifies the wrong row of data. Typically this can be hanlded by using monotonically incrementing indices that are not reused until the whole range of possible indices has been used. A nextAvailableIndex scalar also might help. 4) I suggest that relationship to other mib modules should at least discuss how this table relates to the USM mib, which also contains a list of users for authentication/authorization purposes for SNMP. 5) "An entry in this table is typically referenced by its name (ipsAuthInstDescr), which should be displayed to the user by the management station." If this is the way you expect the rows to be refernced, why haven't you indexed the row by this field? Note that there is no requirement in your mib that this descr be unique, so if this table is referenced by this field, what happens when there is duplication? 6) You suggest that a name should be globally unique. "globally" is not sufficiently specific to be unambiguous. If you truly mean that there is only one anywhere on earth, that's pretty hard to guarantee. You probably mean within an adminstrative domain, but given multiple protocols sharing the table, even that might be difficult to pin down. You'll need to determine just what the requirement is to make this unambiguous. 7) "An identity can contain multiple names, addresses, and credentials." is ambiguous. Can you describe this in MIB module terms? How are they separated - different rows, or delimited substrings, or ... ? 8) I suspect the area directors won't like your COMPILE hint; it stands too much chance of somebody releasing product using that unassigned OID. 9) ipsAuthInstDescr - in a master/subagent implementation, I'm not sure the subagents know if they are the only instance; who would determine there was only one instance? If a zero-length string is used, how does one reference the instance by name (see #5)? I figure that's enough to start with ;-) Hope it's helpful David Harrington dbharrington@comcast.net co-chair IETF SNMPv3 WG, concluded _______________________________________________ Ips mailing list Ips@ietf.org https://www1.ietf.org/mailman/listinfo/ips