[Call-home] new draft -03 coming out...
Eliot Lear <lear@cisco.com> Wed, 19 October 2005 04:42 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ES5n1-0006KO-P9; Wed, 19 Oct 2005 00:42:59 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ES5n0-0006Jk-Dn for call-home@megatron.ietf.org; Wed, 19 Oct 2005 00:42:58 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA19843 for <call-home@ietf.org>; Wed, 19 Oct 2005 00:42:49 -0400 (EDT)
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ES5ye-0006P4-TW for call-home@ietf.org; Wed, 19 Oct 2005 00:55:02 -0400
Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-5.cisco.com with ESMTP; 18 Oct 2005 21:42:33 -0700
X-IronPort-AV: i="3.97,229,1125903600"; d="scan'208"; a="221462232:sNHT665883590"
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id j9J4gVUw004887 for <call-home@ietf.org>; Tue, 18 Oct 2005 21:42:31 -0700 (PDT)
Received: from [212.254.247.5] (ams-clip-vpn-dhcp83.cisco.com [10.61.64.83]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id j9J4qvRR012878 for <call-home@ietf.org>; Tue, 18 Oct 2005 21:52:58 -0700
Message-ID: <4355CEB6.1090605@cisco.com>
Date: Wed, 19 Oct 2005 06:42:30 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Thunderbird 1.4.1 (Macintosh/20051006)
MIME-Version: 1.0
To: call-home@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: a=rsa-sha1; q=dns; l=914; t=1129697578; x=1130129778; c=nowsp; s=nebraska; h=Subject:From:Date:Content-Type:Content-Transfer-Encoding; d=cisco.com; i=lear@cisco.com; z=Subject:new=20draft=20-03=20coming=20out...| From:Eliot=20Lear=20<lear@cisco.com>| Date:Wed,=2019=20Oct=202005=2006=3A42=3A30=20+0200| Content-Type:text/plain=3B=20charset=3DISO-8859-1=3B=20format=3Dflowed| Content-Transfer-Encoding:7bit; b=H649X7cM6Rxxy+G355F9p5/nXkFBsnI/AtFQBKiB6EPSssPqknDeLbSb7BHbKajIhHvTgteF PThARseeaHPTC7GHkns/3JChm1V5LJ8RmsTUV9QV9SGZjLgI8NImclO0lR/SE2UTXnIDlw3t21l fyXhZD6Ee9/fsMgs5KVSU6Bs=
Authentication-Results: imail.cisco.com; header.From=lear@cisco.com; dkim=pass ( message from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3
Content-Transfer-Encoding: 7bit
Subject: [Call-home] new draft -03 coming out...
X-BeenThere: call-home@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion of issues relating to " call home" functionality and firewall traversal" <call-home.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/call-home>, <mailto:call-home-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/call-home>
List-Post: <mailto:call-home@ietf.org>
List-Help: <mailto:call-home-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/call-home>, <mailto:call-home-request@ietf.org?subject=subscribe>
Sender: call-home-bounces@ietf.org
Errors-To: call-home-bounces@ietf.org
Hi There, There will be a new draft-lear-callhome-description-03 in the next day or so. The key changes are these: - I've added a section discussing naming. The devices that use CH often have a problem with stable names from a DNS perspective. Not always, but often. So people who use or implement CH need to think about this. This could cause us to wade into old NSRG territory, but there was a recent paper (Braden et. al.?) that discusses application naming that may be more relevant. Anyone got a cite for that? - I've added an additional example that demonstrates how one could use CH to gain interactive access to an agent behind a firewall. Now, this could be a good thing or a bad thing. It's a good thing for authorized access and a bad thing for unauthorized access ;-) This example exposes potentially overly strong language in draft-ietf-secsh-connect in which they say that clients SHOULD reject "session" service. Yes, they should if they're not prepared to deal with the auth/authz issues. But if they are, then it should be okay. This latter case exposes the naming issue. Comments? Eliot _______________________________________________ Call-home mailing list Call-home@ietf.org https://www1.ietf.org/mailman/listinfo/call-home
- [Call-home] new draft -03 coming out... Eliot Lear