Re: [Call-home] draft now posted; BoF?
Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de> Mon, 26 September 2005 21:07 UTC
Date: Mon, 26 Sep 2005 23:06:54 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>
To: Eliot Lear <lear@cisco.com>
Subject: Re: [Call-home] draft now posted; BoF?
Cc: call-home@ietf.org

On Mon, Sep 26, 2005 at 03:46:29PM +0200, Eliot Lear wrote:

> A draft is now posted - draft-lear-callhome-description-00.txt. It
> doesn't yet have much in the way of SNMP specifics but I am working on
> that now.

I am not sure what the scope of your efforts here is. Do you limit
this in scope to the management domain (which is somewhat implied by
talking about managers and agents) or do you want to address the more
general question of how to reverse connection establishment from the
inside to the outside?

In any case, I would like to discuss this issue not only in the context
of SNMP, but at least also consider netconf, where the
required-to-implement transport mapping also does not provide call home
at the moment.

Personally, I am concerned about the security considerations. I would
very much prefer a solution where the authenticated identities and the
way they are authenticated remain the same, regardless of whether I am
using call-home or not. Now, it may turn out that this is not feasible
to achieve. If that is the case, these findings need to be documented
somewhere.

> Did I miss architectural issues in the draft?

I only had a very quick read. For me, the really interesting issue is
to figure out how much security protocols like SSH or TLS actually rely
on the connection initiation procedure or whether the client/server
roles can be "turned" before the security protocols do their work. In
other words, I would like to know whether some extensions to, say, SSH
can solve most of the issues with call home support in ISMS and NETCONF.
To answer this question, one might have to dive into the details of the
security mechanisms in order to figure out whether there is an
architectural reason why this can or cannot work.

/js

--
Juergen Schoenwaelder
International University Bremen
<http://www.eecs.iu-bremen.de/>
P.O. Box 750 561, 28725 Bremen, Germany