Re: [Isms] ISMS charter broken- onus should be on WG to fix it

Jeffrey Hutzelman <jhutz@cmu.edu> Tue, 13 September 2005 21:38 UTC

Date: Tue, 13 Sep 2005 17:37:49 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>, ietfdbh@comcast.net
Message-ID: <3C03BDBD60783D559EDAE652@sirius.fac.cs.cmu.edu>
In-Reply-To: <tslbr2wk78f.fsf@cz.mit.edu>
References: <200509131506.j8DF664A016810@pacific-carrier-annex.mit.edu> <tslhdcokeed.fsf@cz.mit.edu> <20050913204555.GA14153@boskop.local> <tslbr2wk78f.fsf@cz.mit.edu>
Cc: iesg@ietf.org, david.kessens@nokia.com, 'IETF Discussion' <ietf@ietf.org>, 'Eliot Lear' <lear@cisco.com>, isms@ietf.org
Subject: Re: [Isms] ISMS charter broken- onus should be on WG to fix it


On Tuesday, September 13, 2005 05:06:40 PM -0400 Sam Hartman 
<hartmans-ietf@mit.edu> wrote:

>>>>>> "Juergen" == Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>
>>>>>> writes:
>
>     Juergen> Sam,
>
>     Juergen> this is not about blocking port 22 as far as I understand
>     Juergen> things. I think the issue here is that TCP connection
>     Juergen> establishment determines ssh client/server roles.  If
>     Juergen> there would be a way to initiate the connection but
>     Juergen> subsequently taking over the server role, protocols like
>     Juergen> netconf and presumably isms would find it much easier to
>     Juergen> provide CH functionality.
>
> Right.  But for the ssh-connect application I don't think you would
> want that unless you were trying to get around firewall policy.

I don't think that's necessarily the case.  Sure, you might be trying to do 
that, but you also might be trying to get around the fact that the machines 
at your house are behind a NAT and thus lack routable addresses.

> I suspect that the ssh community would decline to extend ssh in this
> direction; I certainly know I would not support it.

I'm not entirely sure _how_ I'd extend SSH in this direction, or how much 
utility it would have.  I don't think I would object to it, especially 
since I suspect it might make some of the ISMS cases easier even if you 
don't care about the firewall problem.

-- Jeff
