Simpler and More Secure Architectures for SNMPv3
draft-maughan-nsa-snmpv3-sec-01
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | Stephen Borbash , Bill Freeman , Douglas Maughan , Michael Baer | ||
| Last updated | 2001-11-27 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document presents simpler and more secure architectures for SNMPv3 agents than the ones specified in RFCs 2271-2275. Agent security is improved by restricting each module's access to data, using the 'principle of least privilege'. The new agent architectures are analyzed in terms of software complexity as well as security, and are shown in some respects to be simpler. Finally, an implementation prototype of this architecture is presented.
Authors
Stephen Borbash
Bill Freeman
Douglas Maughan
Michael Baer
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)