Speaking as a contributor I support option b) - (actually a+b) Dan
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Juergen Schoenwaelder > Sent: Thursday, June 26, 2008 11:00 AM > To: David Harrington > Cc: 'General Area Review Team'; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: Re: > [OPSAWG]Gen-ARTLCreviewofdraft-ietf-opsawg-snmp-engineid-disco > very-02.txt > > On Thu, Jun 26, 2008 at 08:56:14AM +0800, David Harrington wrote: > > > I think the benefit to operators is greater than the risk of giving > > the same benefit to attackers. I am not convinced this > information is > > sensitive. > > I though security considerations should spell out potential > risks so that people deploying technology can think about > them and take an informed decision. How can we claim that we > understand the benefit risk trade-offs? > > An an editor, I need to understand the WG consensus. I > currently see three options on the table: > > a) document the potential information leakage associated with > snmpEngineID discovery > > b) declare that this potential information leakage is a feature that > is RECOMMENDED to support > > c) remove all discussion about this issue and simply stay silent, > following the spirit of the USM standard > > /js > > -- > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany > Fax: +49 421 200 3103 <http://www.jacobs-university.de/> > _______________________________________________ > OPSAWG mailing list > [EMAIL PROTECTED] > https://www.ietf.org/mailman/listinfo/opsawg > _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
