Re: ISMS working group and charter problems

Keith McCloghrie <kzm@cisco.com> Thu, 08 September 2005 21:28 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EDTx5-0004Vx-By; Thu, 08 Sep 2005 17:28:59 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EDTx2-0004Vj-OJ for ietf@megatron.ietf.org; Thu, 08 Sep 2005 17:28:56 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA18754 for <ietf@ietf.org>; Thu, 8 Sep 2005 17:28:53 -0400 (EDT)
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EDU0S-0000Lc-OO for ietf@ietf.org; Thu, 08 Sep 2005 17:32:31 -0400
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-3.cisco.com with ESMTP; 08 Sep 2005 14:28:45 -0700
X-IronPort-AV: i="3.96,180,1122879600"; d="scan'208"; a="340012958:sNHT28752572"
Received: from cisco.com (cypher.cisco.com [171.69.11.142]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id j88LSe4u002849; Thu, 8 Sep 2005 14:28:40 -0700 (PDT)
Received: (from kzm@localhost) by cisco.com (8.8.8-Cisco List Logging/8.8.8) id OAA02815; Thu, 8 Sep 2005 14:28:39 -0700 (PDT)
From: Keith McCloghrie <kzm@cisco.com>
Message-Id: <200509082128.OAA02815@cisco.com>
To: j.schoenwaelder@iu-bremen.de
Date: Thu, 08 Sep 2005 14:28:39 -0700
In-Reply-To: <20050908200547.GA25650@boskop.local> from "Juergen Schoenwaelder" at Sep 08, 2005 10:05:47 PM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3
Cc: Sam Hartman <hartmans-ietf@mit.edu>, IETF Discussion <ietf@ietf.org>
Subject: Re: ISMS working group and charter problems
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

Hi Juergen,

> 2) It is important to talk about ssh and to not reduce the problem to
>    just TCP. ...

This is very true.  Your SNMP-over-TCP (RFC 3430) is still based on
each message carrying all of its own security.  In contrast, the not
yet complete proposal for SNMP-over-SSH is different because each SNMP
message is going to inherit security properties from the SSH session.
So, for example, if requests are allowed to be sent in both directions
across the same session, then a request sent in one direction across a
session is sent by the same user as a request sent in the other
direction over the same session.

> I agree with those who said that CH is an architectural change and I
> have yet to see a concrete proposal how CH via ssh can be achieved.
 
As I see it, to prevent SNMP-over-SSH from being the same architectural
change, constraints need to be imposed on which SNMP messages can be
sent in which direction on an SSH session.  The decision on whether to
have such constraints is within the proposed scope of the WG.  Thus,
that architectural change is within the scope of the WG, and therefore
requiring the same architectural change is not a valid reason to rule
Call Home out-of-scope.

Keith.

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf