IETF Logo Mail Archive

Re: [Isms] ISMS charter broken- onus should be on WG to fix it

Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de> Tue, 13 September 2005 20:46 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EFHfW-0008Bi-0O; Tue, 13 Sep 2005 16:46:18 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EFHfS-0008BX-Sy; Tue, 13 Sep 2005 16:46:15 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA25287; Tue, 13 Sep 2005 16:46:12 -0400 (EDT)
Received: from ia6f2.i.pppool.de ([85.73.166.242] helo=boskop.local) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EFHju-0000Te-PR; Tue, 13 Sep 2005 16:50:52 -0400
Received: by boskop.local (Postfix, from userid 501) id 088133F6EB9; Tue, 13 Sep 2005 22:45:55 +0200 (CEST)
Date: Tue, 13 Sep 2005 22:45:55 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>
To: Sam Hartman <hartmans-ietf@mit.edu>
Message-ID: <20050913204555.GA14153@boskop.local>
Mail-Followup-To: Sam Hartman <hartmans-ietf@mit.edu>, ietfdbh@comcast.net, david.kessens@nokia.com, isms@ietf.org, iesg@ietf.org, 'Eliot Lear' <lear@cisco.com>, 'IETF Discussion' <ietf@ietf.org>
References: <200509131506.j8DF664A016810@pacific-carrier-annex.mit.edu> <tslhdcokeed.fsf@cz.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <tslhdcokeed.fsf@cz.mit.edu>
User-Agent: Mutt/1.5.10i
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228
Cc: david.kessens@nokia.com, 'IETF Discussion' <ietf@ietf.org>, 'Eliot Lear' <lear@cisco.com>, iesg@ietf.org, ietfdbh@comcast.net, isms@ietf.org
Subject: Re: [Isms] ISMS charter broken- onus should be on WG to fix it
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: j.schoenwaelder@iu-bremen.de
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

On Tue, Sep 13, 2005 at 02:31:54PM -0400, Sam Hartman wrote:
> >>>>> "David" == David B Harrington <ietfdbh@comcast.net> writes:
> 
>     David> Hi, Personally, I'd rather see the issue of working through
>     David> NATs and firewalls solved at the SSH level, and then SNMP
>     David> and other SSH-using applications, such as Netconf and CLI,
>     David> could use the solution in a consistent manner.
> 
> I think that the ssh connection application already has a fairly
> reasonable story for NATs and firewalls, so I don't see much of a need
> for ssh itself to advance in this area.  
> 
> For the most part people who block port 22 really do intend to block
> ssh and so having standard facilities to get around that would not be
> appropriate.  The port forwarding support in ssh seems to be an
> adequate solution for NATs.

Sam, 

this is not about blocking port 22 as far as I understand things. I
think the issue here is that TCP connection establishment determines
ssh client/server roles.  If there would be a way to initiate the
connection but subsequently taking over the server role, protocols
like netconf and presumably isms would find it much easier to provide
CH functionality.

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email