Re: ISMS working group and charter problems
Eliot Lear <lear@cisco.com> Mon, 12 September 2005 07:25 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EEigu-0000OU-Fn; Mon, 12 Sep 2005 03:25:24 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EEign-0000No-Sp for ietf@megatron.ietf.org; Mon, 12 Sep 2005 03:25:21 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA01203 for <ietf@ietf.org>; Mon, 12 Sep 2005 03:25:08 -0400 (EDT)
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EEikn-0002Ng-9e for ietf@ietf.org; Mon, 12 Sep 2005 03:29:27 -0400
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-3.cisco.com with ESMTP; 12 Sep 2005 00:24:58 -0700
X-IronPort-AV: i="3.97,98,1125903600"; d="scan'208"; a="340762338:sNHT32981168"
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id j8C7Op4u008505; Mon, 12 Sep 2005 00:24:51 -0700 (PDT)
Received: from [212.254.247.4] (ams-clip-vpn-dhcp4556.cisco.com [10.61.81.203]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id j8C7ba5A011222; Mon, 12 Sep 2005 00:37:37 -0700
Message-ID: <43252D43.3050602@cisco.com>
Date: Mon, 12 Sep 2005 09:24:51 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: j.schoenwaelder@iu-bremen.de
References: <200509081520.IAA02206@cisco.com> <00a101c5b49c$5e913680$0601a8c0@pc6> <tslirxbnyqz.fsf@cz.mit.edu> <20050908200547.GA25650@boskop.local>
In-Reply-To: <20050908200547.GA25650@boskop.local>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
DKIM-Signature: a=rsa-sha1; q=dns; l=1937; t=1126510658; x=1126942858; c=nowsp; s=nebraska; h=Subject:From:Date:Content-Type:Content-Transfer-Encoding; d=cisco.com; i=lear@cisco.com; z=Subject:Re=3A=20ISMS=20working=20group=20and=20charter=20problems| From:Eliot=20Lear=20<lear@cisco.com>| Date:Mon,=2012=20Sep=202005=2009=3A24=3A51=20+0200| Content-Type:text/plain=3B=20charset=3DISO-8859-1| Content-Transfer-Encoding:7bit; b=giGHQ1swgpBW510ybLEzyuT1u5l06ezURQqUyXxl1KWxt3lxoxXiQPslrvPAQM1gVjLyf7DZ tS4UZ6aeKW0zz+gZaWA/v+tUPf45Dw3U3MEIXSZyIV9kray5hyzuTqMsa9iuctS4wsY/4DikAIG damQJi2iNfN+u1yh1PKT6q8Q=
Authentication-Results: imail.cisco.com; header.From=lear@cisco.com; dkim=pass ( message from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
Content-Transfer-Encoding: 7bit
Cc: Sam Hartman <hartmans-ietf@mit.edu>, IETF Discussion <ietf@ietf.org>
Subject: Re: ISMS working group and charter problems
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
Juergen, > 1) I see lots of people using tools like MIB browsers, snmp command line > tools called from fancy scripts, monitoring packages such as cacti > and nagios (these were even used on the IETF network in Paris if I > recall correctly) and all these packages share the feature that the > "manager" does not have a fixed transport address but takes the > initiative to talk to an "agent" when there is need to do so. In > other words, all these existing and deployed applications simply > won't work with call home easily since they would require to > implement some rather magic logic to dispatch SNMP traffic via > a locally centralized connection manager. Indeed I do not advocate deleting the existing model where the manager contacts the agent. But the tools you mention will almost assuredly need to be modified no matter the outcome of this debate, because they will need to incorporate SSH. > > 2) [Consider SSH, and not just TCP aspects] I agree, and Keith McCloghrie has answered this question better than I could. > > 3) For those not following ISMS closely, it might be useful to know > that originally was another proposal (EUSM) which tried to build on > USM messages and tried to integrate USM with AAA infrastructures. > This approach did have some rough support but did melt down because > of some inappropriate use of EAP. (I can't explain the details since > I never really understood the _technical_ concern.) Once EUSM was > off the table, the WG converged to SSH for a very simple reason: > SSH is already on many routers/bridges/hosts and you find it even > on power strips these days. Netconf also requires SSH as the > mandatory to implement transport. Hence, using SSH as a unifying > mechanism to securely access the various management interfaces > on a box has some promises wrt. ease of deployment. This jives with my understanding of the group's logic. > > I agree with those who said that CH is an architectural change and I > have yet to see a concrete proposal how CH via ssh can be achieved. Funny you should mention this. I've mentioned several approaches on this list and others several times, while the group converged on using SSH without having a single draft available at the time. It was indeed impressive that the group had gone from (at least) four separate viable drafts down to zero by the end of IETF-63. Eliot _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- Re: complex extensions attacking IETF protocols Masataka Ohta
- Re: complex extensions attacking IETF protocols Bob Stewart
- Re: complex extensions attacking IETF protocols Karl Denninger
- Re: ISMS working group and charter problems Keith McCloghrie
- Re: ISMS working group and charter problems Dave Crocker
- Re: ISMS working group and charter problems Tom Petch
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Juergen Schoenwaelder
- Re: ISMS working group and charter problems Sam Hartman
- Re: ISMS working group and charter problems Juergen Schoenwaelder
- Re: ISMS working group and charter problems Keith McCloghrie
- Re: ISMS working group and charter problems Jeffrey Hutzelman
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Juergen Schoenwaelder
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group and charter problems Juergen Schoenwaelder
- Re: ISMS working group and charter problems Eliot Lear
- Re: ISMS working group Keith McCloghrie
- Re: [Isms] ISMS charter broken- onus should be on… Keith McCloghrie
- Re: Gen-ART review of draft-ietf-imss-fc-fcs-mib-… Keith McCloghrie
- Re: Gen-ART review of draft-ietf-imss-fc-fcs-mib-… Suresh Krishnan
- Re: IETF MAILING: REGISTERED ATTENDEES: December … Masataka Ohta
- Re: IETF MAILING: REGISTERED ATTENDEES: December … Theodore Y. Ts'o
- Re: Last Call: Classical IP and ARP over ATM to P… Brian Carpenter CERN-CN
- Re: IAB/IETF standardization process Masataka Ohta
- Last Call: Classical IP and ARP over ATM to Propo… IESG Secretary
- Re: IETF MAILING: REGISTERED ATTENDEES: December … Masataka Ohta
- Copyright Confusion (was Re: IAB/IETF standardiza… Donald E. Eastlake 3rd (Beast)
- Re: Last Call: Classical IP and ARP over ATM to P… Masataka Ohta
- Re: Copyright Confusion (was Re: IAB/IETF standar… Masataka Ohta
- Re: Copyright Confusion (was Re: IAB/IETF standar… carl
- Re: Last Call: Classical IP and ARP over ATM to P… vincent birritteri ee stnt
- Re: IAB/IETF standardization process Simon E Spero
- Re: IETF MAILING: REGISTERED ATTENDEES: December … Masataka Ohta
- Re: IAB/IETF standardization process Masataka Ohta
- Re: IETF MAILING: REGISTERED ATTENDEES: December … Masataka Ohta
- Re: Last Call: Classical IP and ARP over ATM to P… Masataka Ohta
- Re: Last Call: Classical IP and ARP over ATM to P… Mark Laubach
- Re: Last Call: Classical IP and ARP over ATM to P… Masataka Ohta
- Re: IAB/IETF standardization process Mark Crispin
- Re: IAB/IETF standardization process Theodore Ts'o
- Re: Last Call: Classical IP and ARP over ATM to P… Masataka Ohta
- Last Call: Classical IP and ARP over ATM to Propo… The IESG