Re: ISMS working group and charter problems

Daniel Senie <dts@senie.com> Tue, 06 September 2005 18:21 UTC

Message-Id: <6.2.3.4.2.20050906141658.07a04e08@mail.amaranth.net>
Date: Tue, 06 Sep 2005 14:21:00 -0400
To: dcrocker@bbiw.net, Eliot Lear <lear@cisco.com>
From: Daniel Senie <dts@senie.com>
In-Reply-To: <431DD94C.8070907@dcrocker.net>
References: <431DD3BD.9090108@cisco.com> <431DD94C.8070907@dcrocker.net>
Cc: nanog@merit.edu, IETF Discussion <ietf@ietf.org>, iesg@ietf.org
Subject: Re: ISMS working group and charter problems

At 02:00 PM 9/6/2005, Dave Crocker wrote:


>Eliot,
>
>>I need your help to correct for an impending mistake by the ISMS
>>working group in the IETF.
>
>
>Your note is clear and logical, and seems quite compelling.
>
>Is there any chance of getting a proponent of the working group's 
>decision to post a defense?
>
>(By the way, I am awestruck at the potential impact of changing SNMP 
>from UDP-based to TCP-based, given the extensive debates that took 
>place about this when SNMP was originally developed.  Has THIS 
>decision been subject to adequate external review, preferably 
>including a pass by the IAB?)

I agree the argument is well laid out, and would be interested in 
hearing the thinking of ISMS in response.

I'm more than a bit concerned, however, when folks start talking 
about solutions that will permit things to pass through firewalls 
without configuration. Those in charge of firewalls are often 
purposely setting policy. If there is a perceived need for a policy 
that prevents SNMP traffic, then it should remain possible for the 
administrator of that network element to make that call. I must say I 
have some concern with overlaying SNMP on SSH, since that precludes 
the firewall knowing whether the traffic is general SSH keyboard 
traffic or network management.

Let's hear more about the thinking involved.

