Re: [Call-home] draft now posted; BoF?

Juergen Schoenwaelder <> Tue, 27 September 2005 16:29 UTC

Date: Tue, 27 Sep 2005 16:32:10 +0200
From: Juergen Schoenwaelder <>
To: Wes Hardaker <>
Subject: Re: [Call-home] draft now posted; BoF?
Message-ID: <20050927143210.GB1586@boskop.local>
References: <> <20050926210654.GA3067@boskop.local> <> <>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.10i
List-Id: "Discussion of issues relating to "call home" functionality and firewall traversal" <>

On Tue, Sep 27, 2005 at 06:33:35AM -0700, Wes Hardaker wrote:

> [...] but the current protocols (SSH, TLS) don't do this.  They are
> designed with a particular order of sending the credentials and they
> all expect the model above.  Whether you can trigger them to do the
> reverse is subject to a huge debate with their authors I'd think.

My understanding of SSH is that both parties send an identification
string after connection establishment. Once that has happened, both
parties start the key exchange process by sending SSH_MSG_KEXINIT and
they both know their client/server role due to the way the TCP
connection was established. What I would like to know is whether something
would break (and what) if the client/server role were not necessarily
bound to the TCP connection setup.

I am not saying SSH people will like this or that this whole idea is
worth anything at this point in time - I am just trying to explore the
solution space. On the other hand, if the call home feature could be
supported by a rather small change to SSH, then all SSH based
management interfaces could benefit from this and the only thing to be
dealt with is to identify the transport endpoints to which to call home.


Juergen Schoenwaelder		    International University Bremen
<>	    P.O. Box 750 561, 28725 Bremen, Germany

Call-home mailing list
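The exchange Juergen describes, as an added example that is not part of the original message, of any IETF draft, or of any SSH implementation: a toy Python SSH transport "hello" in which the client/server role is an explicit parameter instead of being inferred from which side called connect(). The identification line follows RFC 4253 section 4.2 (still the secsh transport Internet-Draft when this message was written) and SSH_MSG_KEXINIT plus the "first algorithm on the client's list that the server also offers" rule follow section 7.1. Everything else is a simplification or an assumption: packets are framed with a bare length prefix rather than the binary packet protocol, no key exchange or host-key signature is performed, and the algorithm lists, software strings and the call_home_demo() function are constructed for illustration.

```python
"""Toy SSH transport 'hello' whose client/server role is an explicit parameter.
Illustrative only: RFC 4253 sections 4.2 and 7.1 are followed for the
identification line, KEXINIT and algorithm selection; framing is simplified."""
import os
import socket
import struct
import threading

SSH_MSG_KEXINIT = 20
NAME_LISTS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")  # wire order


def build_kexinit(algs, cookie=None):
    """Encode SSH_MSG_KEXINIT; algs maps name-list field -> list of names."""
    out = bytes([SSH_MSG_KEXINIT]) + (cookie or os.urandom(16))
    for field in NAME_LISTS:
        data = ",".join(algs.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


def parse_kexinit(payload):
    """Decode SSH_MSG_KEXINIT back into field -> list of names."""
    if payload[:1] != bytes([SSH_MSG_KEXINIT]):
        raise ValueError("not a KEXINIT message")
    pos, algs = 17, {}  # skip message number and 16-byte cookie
    for field in NAME_LISTS:
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        algs[field] = raw.split(",") if raw else []
        pos += 4 + n
    return algs


def choose(client_names, server_names):
    """RFC 4253 7.1: first name on the CLIENT's list that the server also lists."""
    for name in client_names:
        if name in server_names:
            return name
    raise ValueError("no algorithm in common")


def negotiate(client_algs, server_algs):
    """Apply the rule to the role-sensitive lists (MAC/compression work the same)."""
    return {f: choose(client_algs[f], server_algs[f]) for f in ("kex", "hostkey", "enc_c2s", "enc_s2c")}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def transport_hello(sock, role, software, algs):
    """Identification + KEXINIT exchange.  'role' is set by the caller and is
    deliberately NOT derived from which side called connect()."""
    if role not in ("client", "server"):
        raise ValueError("role must be 'client' or 'server'")
    sock.sendall(b"SSH-2.0-" + software.encode("ascii") + b"\r\n")
    peer_ident = b""
    while not peer_ident.endswith(b"\r\n"):
        peer_ident += _recv_exact(sock, 1)
    if not peer_ident.startswith(b"SSH-2.0-"):
        raise ValueError("unexpected identification line %r" % peer_ident)
    mine = build_kexinit(algs)
    sock.sendall(struct.pack(">I", len(mine)) + mine)  # simplified framing, not RFC 4253 section 6
    (n,) = struct.unpack(">I", _recv_exact(sock, 4))
    theirs = parse_kexinit(_recv_exact(sock, n))
    # The only role-dependent step in this exchange: whose preference order wins.
    return negotiate(algs, theirs) if role == "client" else negotiate(theirs, algs)


def call_home_demo():
    """The managed device opens the TCP connection but acts as SSH *server*; the
    manager accepts it but acts as SSH *client*.  Algorithm lists are constructed."""
    device_algs = {"kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
                   "hostkey": ["ssh-ed25519"],
                   "enc_c2s": ["aes256-gcm@openssh.com", "aes128-ctr"],
                   "enc_s2c": ["aes256-gcm@openssh.com", "aes128-ctr"]}
    manager_algs = {"kex": ["diffie-hellman-group14-sha256", "curve25519-sha256"],
                    "hostkey": ["ssh-ed25519", "rsa-sha2-512"],
                    "enc_c2s": ["aes128-ctr", "aes256-gcm@openssh.com"],
                    "enc_s2c": ["aes128-ctr"]}
    listener = socket.create_server(("127.0.0.1", 0))  # the manager's listening port
    results = {}

    def device():  # dials out to the manager, then speaks as the SSH server
        with socket.create_connection(listener.getsockname()) as s:
            results["device"] = transport_hello(s, "server", "device_1.0", device_algs)

    t = threading.Thread(target=device)
    t.start()
    conn, _ = listener.accept()  # accepts the call, then speaks as the SSH client
    with conn:
        results["manager"] = transport_hello(conn, "client", "manager_1.0", manager_algs)
    t.join()
    listener.close()
    return results
```

Running call_home_demo() shows that nothing in the identification or KEXINIT wire format cares who opened the TCP connection: both sides send their line and their KEXINIT unconditionally, and the role only decides whose preference order is used for selection (here the manager's, because it is the client even though it accepted the connection), which side must later present a host key, and which direction the c2s/s2c algorithms apply to. The caveat a practitioner wants when reversing roles is that the manager, now the SSH client, can no longer use the fact that it "connected to a known address" as any evidence of the device's identity; it must verify the calling device's host key against a pinned or otherwise trusted value, since anything can dial in. This is the arrangement later standardized for NETCONF in RFC 8071, where the device initiates the TCP connection and then acts as the SSH server.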