IETF Logo Mail Archive

Re: [Netconf]  Re: WGLC for draft-ietf-netcon f-tls-04.txt

"tom.petch" <cfinss@dial.pipex.com> Mon, 29 September 2008 10:19 UTC

Return-Path: <netconf-bounces@ietf.org>
X-Original-To: netconf-archive@ietf.org
Delivered-To: ietfarch-netconf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0854D3A6A70; Mon, 29 Sep 2008 03:19:32 -0700 (PDT)
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 95B683A6A70 for <netconf@core3.amsl.com>; Mon, 29 Sep 2008 03:19:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.301
X-Spam-Level:
X-Spam-Status: No, score=0.301 tagged_above=-999 required=5 tests=[BAYES_50=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P-9cUD1HifeR for <netconf@core3.amsl.com>; Mon, 29 Sep 2008 03:19:30 -0700 (PDT)
Received: from mk-outboundfilter-6.mail.uk.tiscali.com (mk-outboundfilter-6.mail.uk.tiscali.com [212.74.114.14]) by core3.amsl.com (Postfix) with ESMTP id 942633A6895 for <netconf@ietf.org>; Mon, 29 Sep 2008 03:19:30 -0700 (PDT)
X-Trace: 32028066/mk-outboundfilter-6.mail.uk.tiscali.com/PIPEX/$PIPEX-ACCEPTED/pipex-customers/62.188.130.38
X-SBRS: None
X-RemoteIP: 62.188.130.38
X-IP-MAIL-FROM: cfinss@dial.pipex.com
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjQFAPtH4Eg+vIIm/2dsb2JhbACDQzmIVa4OA4Fk
X-IronPort-AV: E=Sophos;i="4.33,330,1220223600"; d="scan'208";a="32028066"
X-IP-Direction: IN
Received: from 1cust38.tnt1.lnd4.gbr.da.uu.net (HELO allison) ([62.188.130.38]) by smtp.pipex.tiscali.co.uk with SMTP; 29 Sep 2008 11:19:08 +0100
Message-ID: <006a01c92213$63b81060$0601a8c0@allison>
From: "tom.petch" <cfinss@dial.pipex.com>
To: badra@isima.fr, fanhuaxiang 90002624 <washam.fan@huawei.com>
References: <20080927090622.GA431@elstar.local><59304.88.164.98.77.1222523373.squirrel@www.isima.fr><20080927154119.GA803@elstar.local><61122.88.164.98.77.1222530809.squirrel@www.isima.fr><20080927161432.GA918@elstar.local><49231.88.164.98.77.1222550961.squirrel@www.isima.fr><f944b43f3d55f.3d55ff944b43f@huawei.com><53194.88.164.98.77.1222565647.squirrel@www.isima.fr><fa17895d38c09.38c09fa17895d@huawei.com> <54592.88.164.98.77.1222597371.squirrel@www.isima.fr>
Date: Mon, 29 Sep 2008 11:10:26 +0200
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Cc: Â <netconf@ietf.org>
Subject: Re: [Netconf]  Re: WGLC for draft-ietf-netcon f-tls-04.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "tom.petch" <cfinss@dial.pipex.com>
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: netconf-bounces@ietf.org
Errors-To: netconf-bounces@ietf.org

----- Original Message -----
From: <badra@isima.fr>
To: "fanhuaxiang 90002624Â" <washam.fan@huawei.com>
Cc: "Â" <netconf@ietf.org>
Sent: Sunday, September 28, 2008 12:22 PM
Subject: [Netconf] Re: Re: WGLC for draft-ietf-netcon f-tls-04.txt


> Dear Washam,
>
> Thank you for your reply.
> Here is the last text we agree on.
> Dear Juergen, based on Washam's comments, I think we need to keep such a
> text even if TLS describes this alert.
>
> 2.2. Connection Closure
>
>    TLS [RFC5246] has the ability for secure connection closure using the
>    Alert protocol.  Either NETCONF peer MAY stop the NETCONF connection at
>    any time by sending a TLS close_notify alert.
>
>    A NETCONF peer MUST close the associated TLS connection if the
>    connection is not expected to deliver any rpc operation or when no data
>    is received from a connection for a long time, where the application
>    decides what "long" means.  The NETCONF peer MUST send a TLS
>    close_notify alert before closing the connection.  A sender's
>    close_notify MAY choose to not wait for the receiver's close_notify
>    alert and simply close the connection, thus generating an incomplete
>    close on the receiver's close_notify side.  Once the receiver gets a
>    close_notify from the sender's close_notify, it MUST reply with a
>    close_notify unless it becomes aware that the connection has already
>    been closed by the sender (e.g., the closure was indicated by TCP). In
>    the case the receiver still has pending data to send, it SHOULD send
>    the pending data before sending the close_notify alert.
>

To quote TLS,
"The other party MUST respond with a close_notify
   alert of its own and close down the connection immediately,
   discarding any pending writes. "
so this proposed text would appear to contradict a TLS MUST.  TLS also takes
great care not to bind itself to TCP and not to prescribe the behaviour of the
underlying transport protocol.

And I imagine that this is what Juergen had in mind.  When we start to reproduce
TLS in our own words, we are likely to make things worse (perhaps also known as
the distributed database problem).  And for those with a sense of history, be
aware that the last call on syslog-tls completed precisely two years ago - and
the I-D is still  being revised:-(

Tom Petch

> Best regards,
> Badra
> _______________________________________________
> Netconf mailing list
> Netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf

_______________________________________________
Netconf mailing list
Netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf

v2.23.0 | Report a Bug | By Email