[Netconf] Questions about draft-ietf-netconf-tls-04.txt
Alan Luchuk <luchuk@snmp.com> Mon, 06 October 2008 18:40 UTC
Date: Mon, 06 Oct 2008 14:39:49 -0400
From: Alan Luchuk <luchuk@snmp.com>
Message-Id: <200810061839.OAA11535@adminfs.snmp.com>
To: netconf@ietf.org
Subject: [Netconf] Questions about draft-ietf-netconf-tls-04.txt

Hello,

Regarding NETCONF over TLS, I have two questions. If these questions have been answered already, would someone kindly point me to relevant information?

RFC 4742 (NETCONF over SSH, Section 3.1) specifies a "framing sequence" to be inserted after each NETCONF message. Why is this framing sequence not needed or specified for NETCONF over TLS? It would seem that in either case, the transport layer (SSH or SSL) is simply a "data pipe", and that if a framing sequence is needed for SSH, it would also be needed for TLS. Making the framing sequence mandatory over SSH but not over TLS requires two slightly different software implementations.

Second, when implementing a NETCONF server over TLS, how is a user identity derived for the purposes of data view access control? Although not specifically mentioned in RFC 4742, I believe such a user identity can be obtained from the process environment of the NETCONF server SSH subsystem (on open systems, at least), based upon the username specified during the launch of the SSH client.

Thanks in advance for any/all information!

Regards,
--Alan
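
Added example, not part of the original message or of either draft: a receiver that reassembles NETCONF messages from a byte stream using the RFC 4742 Section 3.1 framing sequence `]]>]]>`, written so the same code serves an SSH channel or a TLS connection. The names NetconfFramer, FramingError, frame and demo, and the 1 MiB size limit, are assumptions of this example.

```python
EOM = b"]]>]]>"          # framing sequence from RFC 4742, Section 3.1
MAX_MESSAGE = 1 << 20    # assumed cap (1 MiB) so a peer cannot force unbounded buffering

class FramingError(Exception):
    """Raised when a peer exceeds the size limit without ending the message."""

class NetconfFramer:
    """Reassembles NETCONF messages from arbitrary byte chunks.

    A stream transport gives no message boundaries: one read may hold half a
    message, several messages, or only part of the framing sequence.
    """

    def __init__(self, max_message=MAX_MESSAGE):
        self._buf = bytearray()
        self._max = max_message

    def feed(self, chunk):
        """Add bytes read from the transport; return the messages now complete."""
        self._buf += chunk
        messages = []
        while True:
            end = self._buf.find(EOM)
            if end < 0:
                break
            if end > self._max:
                raise FramingError("message exceeds size limit")
            messages.append(bytes(self._buf[:end]))
            del self._buf[:end + len(EOM)]
        # The remainder is an incomplete message, possibly ending in a partial EOM.
        if len(self._buf) > self._max + len(EOM):
            raise FramingError("no framing sequence within size limit")
        return messages

def frame(message):
    """Sender side: append the framing sequence to one serialized message."""
    return message + EOM

def demo():
    """Constructed sample: two messages read 5 bytes at a time, splitting the EOM."""
    framer = NetconfFramer()
    stream = frame(b"<hello/>") + frame(b"<rpc message-id='1'/>")
    out = []
    for i in range(0, len(stream), 5):
        out += framer.feed(stream[i:i + 5])
    return out
```

The framer never looks at how the bytes arrived, so the only transport-specific code is the read loop that calls feed().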