Re: ISMS working group and charter problems
Iljitsch van Beijnum <iljitsch@muada.com> Tue, 06 September 2005 21:23 UTC
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 06 Sep 2005 23:21:42 +0200
To: Eliot Lear <lear@cisco.com>
Cc: IETF Discussion <ietf@ietf.org>
Subject: Re: ISMS working group and charter problems

[dropping NANOG]

On 6-sep-2005, at 20:43, Eliot Lear wrote:

>> I consider the fact that random people across the internet can't manage
>> my equipment a feature rather than a bug.

> Use of a well known port that you can block will actually make it EASIER
> for you to make use of that "feature". Today if you leave your PC up
> with various forms of commercial software, you have no idea who is
> connecting to what.

Ok.

>> The IETF has been doing extensive work on NAT traversal, have a look
>> and see if you can reuse some existing mechanism.

> All mechanisms used with the possible exception of an additional SNMP
> table will be re-used from existing IETF work (mostly SSH with help from
> the fact that it's based on TCP).

You do realize that you import all the weaknesses of TCP then, don't you?

I'm not too familiar with NAT traversal techniques, but AFAIK there isn't a good match between these mechanisms and what you want to do here.

You may want to consider looking at the mechanism for HTTPS proxying. This works by having the client connect to the proxy, optionally authenticating itself, and then asking the proxy to connect it to the ultimate destination. The encryption is end-to-end and thus opaque to the proxy, but the proxy does have the opportunity to assert access restrictions. You'd probably need a mechanism for internal to-be-managed systems to register their manageability with the proxy. A simple split horizon (in addition to the normal layers of access control) could avoid these proxies from being abused for spam and the like.

Obviously the SSL in HTTPS is a bit different from SSH, but that shouldn't be too hard to fix one way or another.
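
The proxy-side checks described in the message above (authenticate the client, reach only systems that registered as manageable, split horizon), sketched as an added example that is not part of the original message or of any ISMS document. It uses HTTP CONNECT as in HTTPS proxying; the network range, registry, credentials and function names are constructed assumptions.

```python
import base64, hmac, ipaddress

# Constructed sample data; every name and value here is an assumption.
INSIDE = ipaddress.ip_network("10.0.0.0/8")   # side of the proxy holding managed systems
REGISTRY = {("10.1.2.3", 22)}                 # systems that registered as manageable
OPERATORS = {"alice": "s3cret"}               # proxy-level credentials (Basic, for brevity)

def parse_connect(raw):
    """Return (host, port, headers) for a CONNECT request, or None if malformed."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return host, int(port), headers

def authenticated(headers):
    """Check the Proxy-Authorization header against the operator table."""
    scheme, _, blob = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return False
    expected = OPERATORS.get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

def decide(raw):
    """Status line the proxy would send before relaying any bytes."""
    req = parse_connect(raw)
    if req is None:
        return "400 Bad Request"
    host, port, headers = req
    if not authenticated(headers):
        return "407 Proxy Authentication Required"
    try:
        inside = ipaddress.ip_address(host) in INSIDE
    except ValueError:  # hostnames are refused; only registered literals are relayed
        inside = False
    # Split horizon: relay only toward registered inside systems, never back out.
    if not inside or (host, port) not in REGISTRY:
        return "403 Forbidden"
    return "200 Connection Established"
```

Only after the `200` response does the proxy start copying bytes, so the end-to-end encrypted session stays opaque to it while the access decision has already been made.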