Re: [Isms] ISMS charter broken- onus should be on WG to fix it

Sam Hartman <> Tue, 13 September 2005 19:34 UTC

Received: from localhost.localdomain ([] by with esmtp (Exim 4.32) id 1EFGYG-0005in-Sg; Tue, 13 Sep 2005 15:34:44 -0400
Received: from ([] by with esmtp (Exim 4.32) id 1EFFZk-0003ck-8P; Tue, 13 Sep 2005 14:32:16 -0400
Received: from (ietf-mx []) by (8.9.1a/8.9.1a) with ESMTP id OAA05456; Tue, 13 Sep 2005 14:31:59 -0400 (EDT)
Received: from ([]) by with esmtp (Exim 4.43) id 1EFFe0-00015T-5b; Tue, 13 Sep 2005 14:36:37 -0400
Received: by (Postfix, from userid 8042) id 49DF2E0049; Tue, 13 Sep 2005 14:31:54 -0400 (EDT)
To: <>
References: <>
From: Sam Hartman <>
Date: Tue, 13 Sep 2005 14:31:54 -0400
In-Reply-To: <> (David B. Harrington's message of "Tue, 13 Sep 2005 11:05:49 -0400")
Message-ID: <>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d6b246023072368de71562c0ab503126
Cc:,,, 'Eliot Lear' <>, 'IETF Discussion' <>
Subject: Re: [Isms] ISMS charter broken- onus should be on WG to fix it
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

>>>>> "David" == David B Harrington <> writes:

    David> Hi, Personally, I'd rather see the issue of working through
    David> NATs and firewalls solved at the SSH level, and then SNMP
    David> and other SSH-using applications, such as Netconf and CLI,
    David> could use the solution in a consistent manner.

I think that the ssh connection application already has a fairly
reasonable story for NATs and firewalls, so I don't see much of a need
for ssh itself to advance in this area.  

For the most part people who block port 22 really do intend to block
ssh and so having standard facilities to get around that would not be
appropriate.  The port forwarding support in ssh seems to be an
adequate solution for NATs.

SNMP can use these facilities certainly.  However you may want/need a
more automated solution.

Ietf mailing list