Re: [Netconf] WG Last Call Comments on draft-ietf-netconf-reverse-ssh-03.txt

Kent Watsen <kwatsen@juniper.net> Wed, 07 May 2014 22:16 UTC


Hi Tom, 

No need to wait for -06, here's the new text for the Abstract:

   This document presents a technique for a NETCONF server to request
   that a NETCONF client initiates a SSH connection to the NETCONF
   server, a technique referred to as 'call home'.  Call home is needed
   to support deployments where the NETCONF client is otherwise unable
   to initiate a SSH connection to the NETCONF server directly.


As you can see, I rewrote the rest of the paragraph as well, simplifying
it and focusing it more on motivation than solution.  What do you think?

Thanks,
Kent



On 5/7/14, 1:54 PM, "Kent Watsen" <kwatsen@juniper.net> wrote:

>
>Hi Tom,
>
>
>>So, my still outstanding points are
>>
>>- s.5, re-arrange to dovetail better with 5539bis
>
>My understanding is that you believe that both drafts share the issue of
>the northbound management application being able to identify and verify
>the [SSH/TLS] server that uses call-home to connect to it.   I agree.
>
>And that the text in the reverse-ssh draft, while ostensibly about SSH
>host keys, could similarly apply to TLS and its use of X.509 certificates.
>  I agree again, there is an overlap.
>
>Thus you think that much of the text should be moved to 5539bis and for
>the reverse-ssh draft to reference it there.  I don't agree, for two
>reasons:
>
>1) if there is a need to define common call-home behavior, we should have
>a "call-home" draft that covers both TLS and SSH call-home together.  I
>recall this being one of the options discussed before, but the WG decided
>to move ahead with this document structure.  In lieu of that, I think that
>the reverse-ssh draft is closer to being a "call-home" draft than 5539bis,
>and so suggest putting common call-home information into it, perhaps
>pulled out into a section called "common call-home behaviour" - what do
>you think?
>
>2) The text in the reverse-ssh draft is also much about the use of legacy
>host-keys versus the new X.509 based keys with SSH.  Saying that use of
>legacy keys is possible and allowed, but fraught with issues that are
>resolved when using X.509 keys.  Maybe this needs to be made clearer, but I
>don't think the information should be lost.
> 
>
>
>>- wordsmith the Abstract/Introduction (as first suggested last
>>November:-) where I think the first reference to 'SSH Connection' is
>>wrong, so make it something like
>>
>>"This memo presents a technique for a NETCONF server to request that a
>>NETCONF client initiates a SSH connection to the NETCONF server,
>>a technique referred to as 'call home'."
>
>I like this text, especially since we switched everything else to
>"call-home" in -05.   I just updated my local copy with this change, but
>will wait for resolution of the above before putting out -06.
>
>
>
>Thanks,
>Kent
>
>_______________________________________________
>Netconf mailing list
>Netconf@ietf.org
>https://www.ietf.org/mailman/listinfo/netconf