Path: utzoo!attcan!uunet!lll-winken!lll-lcc!ames!pasteur!ucbvax!GATEWAY.MITRE.ORG!hal
From: hal@GATEWAY.MITRE.ORG (Hal Feinstein)
Newsgroups: comp.protocols.tcp-ip
Subject: Network Security
Message-ID: <8812201341.AA03758@gateway.mitre.org>
Date: 20 Dec 88 13:41:48 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 21

avsd.childers@tycho reports
>>We need some *serious* authentication capability in SNMP.

> I hope it's not mandatory ... it adds overhead that's
> not always needed.

I'm not sure I'm buying this just yet. Sure, big authentication
subsystems with trusted identity servers are overhead, but simpler
schemes, not as completely secure, will do wonders against 99% of the
hacks you're guarding against. As much as I hate them, passwords are a
start in this direction. If you can keep people from fooling around
with some form of key variable inside the gateway, switch, or
what-have-you, then pairwise keying works fine. There is a whole
spectrum of authentication measures available, depending on your
requirements.

Overhead? Try some of the fast algorithms. You don't need software DES
or 3,000 bit public keys for most (but not all) commercial stuff.