Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models
RFC 5608

Note: This ballot was opened for revision 07 and is now closed.

(Pasi Eronen) Yes

(Dan Romascanu) Yes

(Jari Arkko) (was Discuss) No Objection

(Ron Bonica) No Objection

(Ross Callon) No Objection

(Ralph Droms) No Objection

(Lisa Dusseault) No Objection

(Lars Eggert) No Objection

(Adrian Farrel) No Objection

Comment (2009-05-04 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
Table 2 says
   0    This attribute MUST NOT be present in a packet.
   0+   Zero or more instances of this attribute MAY be present in
        a packet.
   0-1  Zero or one instance of this attribute MAY be present in
        a packet.
   1    Exactly one instance of this attribute MUST be present in
        a packet.
   *    Only one of these atribute options SHOULD be included.

But:
- table 1 has no instance of 0+
- table 1 has no instance of 1
- * seems to contradict 0-1

(Russ Housley) No Objection

(Cullen Jennings) No Objection

Alexey Melnikov No Objection

Comment (2009-05-03 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
2.3.  SNMP Service Authorization

 [...]

   There are no combinations of RADIUS attributes that denote the
   equivalent of SNMP noAuthNoPriv access, as RADIUS always involves the
   authentication of a user (i.e. a principal) as a prerequisite for
   authorization.  RADIUS can be used to to provide an "Authorize-Only"

Extra "to".

   service, but only when the request contains a "cookie" from a
   previous successful authentication with the same RADIUS server (i.e.
   the RADIUS State Attribute).


5.  Security Considerations

 [...]

   The Message-Authenticator (80) attribute [RFC3579] SHOULD be used
   with RADIUS messages that are described in this memo.

Some explanation of why would be helpful here.

(Tim Polk) (was No Record, Discuss) No Objection

(Robert Sparks) No Objection

Magnus Westerlund No Objection