Re: [Isms] Status of IESG-review changes for draft-ietf-isms-dtls-tm
"David Harrington" <ietfdbh@comcast.net> Wed, 05 May 2010 23:48 UTC
Return-Path: <ietfdbh@comcast.net>
X-Original-To: isms@core3.amsl.com
Delivered-To: isms@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 420103A690D for <isms@core3.amsl.com>; Wed, 5 May 2010 16:48:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.746
X-Spam-Level:
X-Spam-Status: No, score=-0.746 tagged_above=-999 required=5 tests=[AWL=0.364, BAYES_05=-1.11]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a1xv3aUajEmm for <isms@core3.amsl.com>; Wed, 5 May 2010 16:48:10 -0700 (PDT)
Received: from QMTA11.westchester.pa.mail.comcast.net (qmta11.westchester.pa.mail.comcast.net [76.96.59.211]) by core3.amsl.com (Postfix) with ESMTP id 7496F3A6967 for <isms@ietf.org>; Wed, 5 May 2010 16:48:08 -0700 (PDT)
Received: from omta17.westchester.pa.mail.comcast.net ([76.96.62.89]) by QMTA11.westchester.pa.mail.comcast.net with comcast id Do4F1e00s1vXlb85BznwQL; Wed, 05 May 2010 23:47:56 +0000
Received: from Harrington73653 ([67.189.235.106]) by omta17.westchester.pa.mail.comcast.net with comcast id Dznw1e0012JQnJT3dznwmo; Wed, 05 May 2010 23:47:56 +0000
From: David Harrington <ietfdbh@comcast.net>
To: 'Wes Hardaker' <wjhns1@hardakers.net>
References: <sdaase140y.fsf@wjh.hardakers.net><097301caeca7$c385a650$0600a8c0@china.huawei.com> <sdhbmmx7eg.fsf@wjh.hardakers.net>
Date: Wed, 05 May 2010 19:47:54 -0400
Message-ID: <097801caecad$61936f30$0600a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <sdhbmmx7eg.fsf@wjh.hardakers.net>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Thread-Index: AcrsqZP9ZIX5JWA2SliCcG8/frYwewAAnfXg
Cc: isms@ietf.org, iesg@ietf.org
Subject: Re: [Isms] Status of IESG-review changes for draft-ietf-isms-dtls-tm
X-BeenThere: isms@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mailing list for the ISMS working group <isms.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/isms>
List-Post: <mailto:isms@ietf.org>
List-Help: <mailto:isms-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2010 23:48:10 -0000
> -----Original Message----- > From: Wes Hardaker [mailto:wjhns1@hardakers.net] > Sent: Wednesday, May 05, 2010 7:21 PM > To: David Harrington > Cc: 'Wes Hardaker'; isms@ietf.org; iesg@ietf.org > Subject: Re: Status of IESG-review changes for draft-ietf-isms-dtls-tm > > > The output is deterministic so there is no issue with > > interoperability unless the APIs can't handle it. > > > > DH> I still have concerns about interoperability. I think we'll talk > DH> about this during the telechat tomorrow. > > I'd love to see a case that points out where something isn't > deterministic given the existing specifications. Please provide! My concerns are not about deterministic; they are about interoperability. > > > 3.2.1 CLOSED In Section 3.1.2, the last sentence of the last > > paragraph: > > -------------------------------------------------------------- > > ---------- > > > > Implementations SHOULD offer configuration settings for > > mapping algorithms to SNMPv3 security levels. > > > > DH> If we say it SHOULD, then shouldn't we provide the appropriate > DH> tables in the MIB module? I am not certain what such a mapping > DH> would look like. > > We even agreed in the WG at one point that such infrastructure tables > would be nice to have but would need to be defined in PKIX, > not in ISMS. PKIX would not be the right place to define how to ***map them to SNMPv3*** security levels. Or do I not understand what mappings you think should be provided? Maybe I am confused because this spec talks a lot about "mapping algorithms"; maybe you are thinking of something else here than I am. As I said, I am not certain what such a mapping would look like. Can you tell us what you think it would look like? > > > 4.2.3 CLOSED Forgive my ignorance regarding SNMP/SMI, but I > > can't seem > > -------------------------------------------------------------- > > --------- > > to find a definition of "transport domain"; is it a > DNS domain > > name, a trust domain, or something else? (It seems > to be more > > like an address type.) It might help to make this clearer in > > the definitions of the snmpTLSTCPDomain and > snmpDTLSUDPDomain > > transport domains. > > > > document you had read. I'll put in a reference to RFC2579 > > DH> Actually, 3417 is probably the preferred reference. > > 3417 defines the current transport mechanisms (e.g. UDP). RFC2579, on > the other-hand, defines the TDomain and TAddress TC which is the base > for them all. OK. > -- > Wes Hardaker > Cobham Analytic Solutions >
- [Isms] Status of IESG-review changes for draft-ie… Wes Hardaker
- Re: [Isms] Status of IESG-review changes for draf… David Harrington
- Re: [Isms] Status of IESG-review changes for draf… Wes Hardaker
- Re: [Isms] Status of IESG-review changes for draf… David Harrington
- Re: [Isms] Status of IESG-review changes for draf… Wes Hardaker
- Re: [Isms] Status of IESG-review changes for draf… Juergen Schoenwaelder