[VOIPSEC] SNMP support forEventCorrelation/NetworkManagementSystems

[Simon Horne]

At 02:35 AM 27/02/2005, Brian Rosen wrote:
>Haha
>"go scream at them for being ... non-compliant"?!
>You can scream all you want, vendors only do things customers ask for.
>RFC3261 requires all things claiming to be SIP to implement TLS.
>Only about 25% do.  They all claim to be compliant.

I wasn't being totally serious :) but this it true for a lot of products I 
think as time progresses and customers begin to demand standard compliant 
security and more and more vendors offer security products and people begin 
product comparisons then I think we'll see the situation change (we hope)

>It's not entirely clear to me that SNMP is really the right thing.
>For one thing, having lots of new elements for the network management system
>to manage is problematic. Consider for example, that every PC could have
>SNMP management, but it's really rare to see it used.  The number of
>elements would probably overwhelm the available management tools.

I do agree, and the same can be said for LDAP and OCSP for key 
deployment/revocation. It just keeps adding complexity and greatly 
increases security risks.  We do intend to implement these types of 
services but rather than each element access the services directly they 
will be tunneled thro' existing VOIP secure signaling  to a secure common 
central  element (Say a Proxy) and that element accesses the resources 
directly or is attached directly to the resource. You have the Central 
Management without the loss of security or that's the way the theory goes.

Simon