Re: ISMS working group and charter problems
"Tom Petch" <nwnetworks@dial.pipex.com> Thu, 08 September 2005 14:41 UTC
From: Tom Petch <nwnetworks@dial.pipex.com>
To: Daniel Senie <dts@senie.com>
Date: Thu, 08 Sep 2005 15:35:29 +0200
Cc: IETF Discussion <ietf@ietf.org>
Subject: Re: ISMS working group and charter problems
<inline>
Tom Petch

----- Original Message -----
From: "Daniel Senie" <dts@senie.com>
To: "Juergen Quittek" <quittek@netlab.nec.de>
Cc: "IETF Discussion" <ietf@ietf.org>
Sent: Thursday, September 08, 2005 4:10 PM
Subject: Re: ISMS working group and charter problems

> At 09:14 AM 9/8/2005, Juergen Quittek wrote:
> >--On 9/7/2005 6:49 PM -0400 Sam Hartman wrote:
> >
> >>>>>>>"Fleischman," == Fleischman, Eric <eric.fleischman@boeing.com> writes:
> >>
> >> Fleischman,> I believe that network management is too important a
> >> Fleischman,> functionality to be designed such that it can only be
> >> Fleischman,> usable within highly confined environmental
> >> Fleischman,> constraints.
> >>
> >>"must work everywhere," is a highly constraining environment.
> >
> >We should consider that ISMS is about integrating SNMP into user
> >and key management systems. Such systems usually operate over TCP.
>
> You mean like RADIUS? That's a UDP protocol.
>
> >In a highly damaged network ISMS might not be able to help you even
> >if you had stuck to SNMP transport over UDP.
>
> So you're arguing we should not bother with the ISMS effort?
>
> >
> >>You certainly may revisit the UDP vs TCP decision on the IETF list;
> >>doing so is an appropriate last recourse under our process.
> >>
> >>However I do not believe it likely that you will get IETF consensus on
> >>a specific UDP direction. I also do not believe it would be
> >>productive to take this issue back to the working group. So, I ask
> >>what you believe I should do if you fail to get consensus? If your
> >>options are no ISMS or ISMS over ssh, which would you pick?
> >
> >The consensus in the WG on this issue was not really rough,
> >but rather broad and clear.
>
> Based on your email, the consensus of the group is that TCP is good
> enough, since it'll only be interesting to manage networks that are
> operating cleanly. I can't imagine that's what the WG really
> concluded, but that's how your email reads.
>

As a WG member, the way I saw it was that TCP became a necessary evil; the choice of a secure transport - mutual authentication, message integrity, encryption - came down to TLS+SASL, DTLS+SASL, SSH. Among these, SSH dominates in the market place of operators so, for me at least, it was a one horse race. Then having to have TCP, with all its complications is, well, a necessary evil (but one that the market place lives with at least for secure remote login).

There is no, and no sign of, a SSH over UDP nor of SSH over any more suitable transport. So SNMP over TCP in order to get integrated security is a leap in the dark. It could work, it could fail, it may never even make it to an RFC, but it offers the best if not the only hope of progress.

The issue of TCP in an unreliable network did get discussed several times without any consensus. For me, if isms allows safe configuration changes in a working, reliable network without requiring an SNMP-specific security subsystem, then that will be such a giant leap forward for SNMP that it will be worth the effort. Other WG members want more, secure notifications, Informs, call home and such like; for me, those can wait.