Re: [NGO] comments on CANMOD BoF
Andy Bierman <ietf@andybierman.com> Sun, 16 March 2008 01:28 UTC
Date: Sat, 15 Mar 2008 18:26:26 -0700
From: Andy Bierman <ietf@andybierman.com>
To: Phil Shafer <phil@juniper.net>
Cc: NETCONF Goes On <ngo@ietf.org>

Phil Shafer wrote:
> Andy Bierman writes:
>> Ignoring access control
>> completely is not something the IESG should allow in the charter.
>
> On access control, we have zero realistic proposals on the table.
> Please feel free to propose something and hopefully you'll see the
> same sort of responding proposals as we saw with YANG and we can
> get a consensus built there. But this is an effort that can and
> should be separated from the modeling work.
>

There have been several proposals made to the WG.
All of them have been ignored by the WG.
IMO, they were all realistic proposals.
It is clear the NETCONF WG wants to ignore security,
just like RMONMIB and IPFIX wanted to ignore congestion
and run over UDP.

Standard configuration management based on NETCONF
requires more than a DML. The NETMOD WG (if there ever is one)
should deal with the entire problem of standardized CM,
which includes secure operation in a multi-user environment.

If the WG agrees that granular access control is pointless
and the standard access control model for NETCONF should
be "root access or nothing", then that should be written down
in a standard. I hope the IESG rejects it though, and forces
NETCONF to consider security more carefully.

> Thanks,
> Phil
>
>

Andy