Re: [Netconf] WG Last Call Comments on draft-ietf-netconf-reverse-ssh-03.txt

t.petch <ietfc@btconnect.com> Thu, 08 May 2014 09:08 UTC

Message-ID: <007301cf6a9c$aafd4080$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: Kent Watsen <kwatsen@juniper.net>, "Bert Wijnen (IETF)" <bertietf@bwijnen.net>
References: <201403251517.LAA15291@adminfs.snmp.com> <CF58ED17.65F0C%kwatsen@juniper.net> <533D47CF.30402@bwijnen.net> <01f401cf5342$4d48d740$4001a8c0@gateway.2wire.net> <032f01cf6524$71cb2340$4001a8c0@gateway.2wire.net> <5368C366.8070509@bwijnen.net> <023701cf69d5$abcfb320$4001a8c0@gateway.2wire.net> <CF8FD96F.6E752%kwatsen@juniper.net> <CF902803.6EAE1%kwatsen@juniper.net>
Date: Thu, 08 May 2014 10:02:32 +0100
Archived-At: http://mailarchive.ietf.org/arch/msg/netconf/M4MnBO_f5ppK9xOL5r7REJl6Dp4
Cc: netconf@ietf.org
Subject: Re: [Netconf] WG Last Call Comments on draft-ietf-netconf-reverse-ssh-03.txt

----- Original Message -----
From: "Kent Watsen" <kwatsen@juniper.net>
To: "t.petch" <ietfc@btconnect.com>; "Bert Wijnen (IETF)"
<bertietf@bwijnen.net>
Cc: <netconf@ietf.org>
Sent: Wednesday, May 07, 2014 11:15 PM
>
> Hi Tom,
>
> No need to wait for -06, here's the new text for the Abstract:
>
>    This document presents a technique for a NETCONF server to request
>    that a NETCONF client initiates a SSH connection to the NETCONF
>    server, a technique referred to as 'call home'.  Call home is needed
>    to support deployments where the NETCONF client is otherwise unable
>    to initiate a SSH connection to the NETCONF server directly.
>
>
> As you can see, I rewrote the rest of the paragraph as well, simplifying
> it and focusing it more on motivation than solution.  What do you think?

Looks good - go with it.

And the Introduction needs a comparable change.

Tom Petch


>
> Thanks,
> Kent
>
>
>
> On 5/7/14, 1:54 PM, "Kent Watsen" <kwatsen@juniper.net> wrote:
>
> >
> >Hi Tom,
> >
> >
> >>So, my still outstanding points are
> >>
> >>- s.5, re-arrange to dovetail better with 5539bis
> >
> >My understanding is that you believe that both drafts share the issue of
> >the northbound management application being able to identify and verify
> >the [SSH/TLS] server that uses call-home to connect to it.   I agree.
> >
> >And that the text in the reverse-ssh draft, while ostensibly about SSH
> >host keys, could similarly apply to TLS and its use of X.509 certificates.
> >  I agree again, there is an overlap.
> >
> >Thus you think that much of the text should be moved to 5539bis and for
> >the reverse-ssh draft to reference it there.  I don't agree, for two
> >reasons:
> >
> >1) if there is a need to define common call-home behavior, we should have
> >a "call-home" draft that covers both TLS and SSH call-home together.  I
> >recall this being one of the options discussed before, but the WG decided
> >to move ahead with this document structure.  In lieu of that, I think that
> >the reverse-ssh draft is closer to being a "call-home" draft than 5539bis,
> >and so suggest putting common call-home information into it, perhaps
> >pulled out into a section called "common call-home behaviors" - what do
> >you think?
> >
> >2) The text in the reverse-ssh draft is also much about the use of legacy
> >host-keys versus the new X.509 based keys with SSH.  Saying that use of
> >legacy keys is possible and allowed, but fraught with issues that are
> >resolved when using X.509 keys.  Maybe this needs to be made clearer, but I
> >don't think the information should be lost.
> >
> >
> >
> >>- wordsmith the Abstract/Introduction (as first suggested last
> >>November:-) where I think the first reference to 'SSH Connection' is
> >>wrong, so make it something like
> >>
> >>"This memo presents a technique for a NETCONF server to request that a
> >>NETCONF client initiates a SSH connection to the NETCONF server,
> >>a technique referred to as 'call home'."
> >
> >I like this text, especially since we switched everything else to
> >"call-home" in -05.   I just updated my local copy with this change, but
> >will wait for resolution of the above before putting out -06
> >
> >
> >
> >Thanks,
> >Kent
> >