IETF Logo Mail Archive

Re: ISMS working group and charter problems

Eliot Lear <lear@cisco.com> Tue, 06 September 2005 18:37 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ECiJn-0000ar-Rd; Tue, 06 Sep 2005 14:37:15 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ECiJl-0000ai-Hy; Tue, 06 Sep 2005 14:37:13 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA12281; Tue, 6 Sep 2005 14:37:12 -0400 (EDT)
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ECiMm-0004xt-V2; Tue, 06 Sep 2005 14:40:21 -0400
Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-2.cisco.com with ESMTP; 06 Sep 2005 11:37:03 -0700
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id j86IawQM017936; Tue, 6 Sep 2005 11:36:59 -0700 (PDT)
Received: from [212.254.247.4] (ams-clip-vpn-dhcp4272.cisco.com [10.61.80.175]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id j86IWEi8030009; Tue, 6 Sep 2005 11:32:15 -0700
Message-ID: <431DE1C9.8000207@cisco.com>
Date: Tue, 06 Sep 2005 20:36:57 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Daniel Senie <dts@senie.com>
References: <431DD3BD.9090108@cisco.com> <431DD94C.8070907@dcrocker.net> <6.2.3.4.2.20050906141658.07a04e08@mail.amaranth.net>
In-Reply-To: <6.2.3.4.2.20050906141658.07a04e08@mail.amaranth.net>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
DKIM-Signature: a=rsa-sha1; q=dns; l=1275; t=1126031537; x=1126463737; c=nowsp; s=nebraska; h=Subject:From:Date:Content-Type:Content-Transfer-Encoding; d=cisco.com; i=lear@cisco.com; z=Subject:Re=3A=20ISMS=20working=20group=20and=20charter=20problems| From:Eliot=20Lear=20<lear@cisco.com>| Date:Tue,=2006=20Sep=202005=2020=3A36=3A57=20+0200| Content-Type:text/plain=3B=20charset=3DISO-8859-1| Content-Transfer-Encoding:7bit; b=VEjzZE77ViJdy5V6PqFdygppwSXWci0UrKViEv0/rrGtTT9UeBLEOoUtBvX/8+WoDtYfCAhR NX1C0XkHS+7Hu3qX/5uYhML+ulHOBuR6thOsSKIef6gdxusVZHfRkwXmc/F5UkyVBdjyszfCP2i gC78XnWzrwQd/i3nt8OUUffI=
Authentication-Results: imail.cisco.com; header.From=lear@cisco.com; dkim=pass ( message from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69
Content-Transfer-Encoding: 7bit
Cc: iesg@ietf.org, nanog@merit.edu, dcrocker@bbiw.net, IETF Discussion <ietf@ietf.org>
Subject: Re: ISMS working group and charter problems
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

Daniel,

All solutions will use a different SSH port as part of the standard just
so that firewall administrators have the ability to block.

Eliot


Daniel Senie wrote:
> At 02:00 PM 9/6/2005, Dave Crocker wrote:
> 
> 
>> Eliot,
>>
>>> I need your help to correct for an impending mistake by the ISMS
>>> working group in the IETF.
>>
>>
>>
>> Your note is clear and logical, and seems quite compelling.
>>
>> Is there any chance of getting a proponent of the working group's
>> decision to post a defense?
>>
>> (By the way, I am awestruck at the potential impact of changing SNMP
>> from UDP-based to TCP-based, given the extensive debates that took
>> place about this when SNMP was originally developed.  Has THIS
>> decision been subject to adequate external review, preferably
>> including a pass by the IAB?)
> 
> 
> I agree the argument is well laid out, and would be interested in
> hearing the thinking of ISMS in response.
> 
> I'm more than a bit concerned, however, when folks start talking about
> solutions that will permit things to pass through firewalls without
> configuration. Those in charge of firewalls are often purposely setting
> policy. If there is a perceived need for a policy that prevents SNMP
> traffic, then it should remain possible for the administrator of that
> network element to make that call. I must say I have some concern with
> overlaying SNMP on SSH, since that precludes the firewall knowing
> whether the traffic is general SSH keyboard traffic or network management.
> 
> Let's hear more about the thinking involved.
> 

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email