Re: [NGO] comments on CANMOD BoF

Balazs Lengyel <balazs.lengyel@ericsson.com> Mon, 17 March 2008 10:30 UTC

Date: Mon, 17 Mar 2008 11:19:15 +0100
From: Balazs Lengyel <balazs.lengyel@ericsson.com>
To: Andy Bierman <ietf@andybierman.com>
Cc: NETCONF Goes On <ngo@ietf.org>

While agreeing that access control is important, I would also mention that we just made the 
very first step for the DML. We still have many months of hard work before us, so if we lose
focus we are doomed.

Balazs

Andy Bierman wrote:
> Phil Shafer wrote:
>> Andy Bierman writes:
>>> The NETMOD WG (if there ever is one) should deal
>>> with the entire problem of standardized CM, which includes
>>> secure operation in a multi-user environment.
>> With this approach, we'd still be working on the NETCONF draft.  We
>> need to find what we agree on, build consensus on that, publish,
>> gain experience, learn, and evolve.
>>
>> If the plan is "all or nothing", we'll get nothing.
>>
> 
> The NETCONF access control model is "all or nothing",
> not the NETCONF feature development plan.  That is in its
> 3rd phase, and new stuff like partial-locking and yet another
> optional transport (which is only needed to avoid the mandatory
> transport) are given higher priority than security.
> 
> You have to design the 2nd floor of the house, even though
> you start out by building the first floor.  If you don't,
> at best the project will cost 10X more than it should,
> and at worst, the house will collapse when you add the weight
> the load-bearing walls on the first floor were never designed to handle.
> 
> A standard access control model is clearly needed.
> Every NETCONF implementation has its own proprietary ACM.
> The requirements for standardized access control could impact
> the NETMOD architecture and the DML.  Ignoring access control
> and bolting it on later might be a huge mistake.
> 
> So by 'all', I mean a coherent and well-planned execution strategy
> to reach a complete standardized CM solution for NETCONF,
> as opposed to an ad-hoc free-for-all that continues to produce
> zero writable standard objects for NETCONF.
> 
>> Thanks,
>>  Phil
>>
>>
>>
> 
> Andy
> 
> _______________________________________________
> NGO mailing list
> NGO@ietf.org
> https://www.ietf.org/mailman/listinfo/ngo

-- 
Balazs Lengyel                       Ericsson Hungary Ltd.
TSP System Manager
ECN: 831 7320                        Fax: +36 1 4377792
Tel: +36-1-437-7320     email: Balazs.Lengyel@ericsson.com