RE: usm_check_secLevel and RFC3414

Thanks Wes. That is what I thought.

Regards,
Pablo

> -----Original Message-----
> From: Wes Hardaker [mailto:hardaker@users.sourceforge.net]
> Sent: Wednesday, February 07, 2007 1:33 PM
> To: Passera Pablo-APP015
> Cc: net-snmp-coders@lists.sourceforge.net
> Subject: Re: usm_check_secLevel and RFC3414
>
> >>>>> "PP" == Passera Pablo-APP <Passera> writes:
>
> PP> My question is, is this a correct interpretation of the
> RFC? Or the
> PP> correct action would be to compare the security levels
> and if those
> PP> don't match then discard the packet? (in the later case
> the packet
> PP> shall arrive with exactly the same security level than
> the user in
> PP> the USM
> PP> table)
>
> That isn't correct thinking. That point in the RFC is
> attempting to make sure that a user doesn't try to receive a
> encrypted packet (for
> example) when it doesn't support an encryption protocol (IE,
> if none was configured for it).
>
> It is not trying to imply policy with what level of
> protection a packet must have to arrive for that user.
> That's the job of the VACM.
> --
> Wes Hardaker
> Sparta, Inc.
>

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=...057&dat=121642
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/...et-snmp-coders