Re: [OPSAWG] [Netconf] guidance on draft-kwatsen-reverse-ssh

Andy Bierman <ietf@andybierman.com> Tue, 19 July 2011 17:46 UTC

Message-ID: <4E25C2EE.8060004@andybierman.com>
Date: Tue, 19 Jul 2011 10:46:22 -0700
From: Andy Bierman <ietf@andybierman.com>
To: "t.petch" <ietfc@btconnect.com>, Kent Watsen <kwatsen@juniper.net>, opsawg@ietf.org, netconf@ietf.org
In-Reply-To: <20110719102454.GA67454@elstar.local>

On 07/19/2011 03:24 AM, Juergen Schoenwaelder wrote:
> On Tue, Jul 19, 2011 at 10:22:38AM +0200, t.petch wrote:
>
>> My recollection is somewhat different to Juergen's.
>>
>> Call home was requested by Eliot Lear but did not get much support in isms WG.
>>
>> Sam Hartman, as AD, ruled it out of scope since the WG already had a lot to do,
>> the charter was to add security to SNMPv3 and not to introduce functions that
>> SNMPv3 did not have (like call home).  You will find this in the archives in
>> August 2005, particularly around August 18th.
>
> Yes, ISMS was never chartered to work on call home. However, we had to
> address the question how a notification originator sends notifications
> to a notification receiver via SSH. And this is very similar and this
> is the discussion I have been referring to in my previous email.
>

Here is the original charter text from Eliot Lear:

    http://www.ietf.org/mail-archive/web/ietf/current/msg38521.html

Here are David Harrington's slides on why not ISMS:

    http://www.ietf.org/proceedings/64/slides/callhome-5.pdf

Here are the Callhome BoF minutes:

    http://www.ietf.org/proceedings/64/callhome.html

My recollection of the conclusion was that the problem space was not big enough,
and an SSH-specific solution was inappropriate.  A more general approach should
be investigated.

So almost 6 years have passed, and NETCONF vendors still want a call-home solution for SSH.
IMO, Kent's proposal should be published (assuming the security experts approve).
NETCONF notifications are rarely used.  The main reason given is that the client
connection maintenance is not worth the resources and coding effort.  I think
call-home for SSH could make NETCONF more deployable.


> /js
>

Andy