Re: [OPSAWG] [Netconf] guidance on draft-kwatsen-reverse-ssh

"Randy Presuhn" <randy_presuhn@mindspring.com> Tue, 19 July 2011 18:09 UTC

Return-Path: <randy_presuhn@mindspring.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84EDC21F8506; Tue, 19 Jul 2011 11:09:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.887
X-Spam-Level:
X-Spam-Status: No, score=-101.887 tagged_above=-999 required=5 tests=[AWL=0.712, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8cRUkjnj5ZIR; Tue, 19 Jul 2011 11:09:02 -0700 (PDT)
Received: from elasmtp-masked.atl.sa.earthlink.net (elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]) by ietfa.amsl.com (Postfix) with ESMTP id E33CF21F84E3; Tue, 19 Jul 2011 11:09:01 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=mindspring.com; b=neJErP1+z6L29QsWa5ghvc81460x265wvDer1IkQr/8bb1jkLnQ5PoeLtiTBcu3f; h=Received:Message-ID:From:To:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP;
Received: from [99.55.174.180] (helo=oemcomputer) by elasmtp-masked.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <randy_presuhn@mindspring.com>) id 1QjEj7-0006wH-7o; Tue, 19 Jul 2011 14:09:01 -0400
Message-ID: <005201cc463f$b0b90060$6801a8c0@oemcomputer>
From: Randy Presuhn <randy_presuhn@mindspring.com>
To: opsawg@ietf.org, netconf@ietf.org
References: <84600D05C20FF943918238042D7670FD3E8429F313@EMBX01-HQ.jnpr.net> <20110713044711.GA80654@elstar.local> <84600D05C20FF943918238042D7670FD3E8429F98E@EMBX01-HQ.jnpr.net> <01c401cc45ed$07d58060$4001a8c0@gateway.2wire.net><20110719102454.GA67454@elstar.local> <4E25C2EE.8060004@andybierman.com>
Date: Tue, 19 Jul 2011 11:14:23 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1478
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
X-ELNK-Trace: 4488c18417c9426da92b9037bc8bcf44d4c20f6b8d69d8887f779e183b2ee28882e21d4e88577cf7a77fc594628cf979350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 99.55.174.180
Subject: Re: [OPSAWG] [Netconf] guidance on draft-kwatsen-reverse-ssh
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsawg>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2011 18:09:02 -0000

Hi -

> From: "Andy Bierman" <ietf@andybierman.com>
> To: "t.petch" <ietfc@btconnect.com>; "Kent Watsen" <kwatsen@juniper.net>; <opsawg@ietf.org>; <netconf@ietf.org>
> Sent: Tuesday, July 19, 2011 10:46 AM
> Subject: Re: [Netconf] [OPSAWG] guidance on draft-kwatsen-reverse-ssh
...
> Here is the original charter text from Eliot Lear:
> 
>     http://www.ietf.org/mail-archive/web/ietf/current/msg38521.html
> 
> Here are David Harrington's slides on why not ISMS:
> 
>     http://www.ietf.org/proceedings/64/slides/callhome-5.pdf
> 
> Here are the Callhome BoF minutes:
> 
>     http://www.ietf.org/proceedings/64/callhome.html
> 
> My recollection of the conclusion was that the problem space was not big enough,
> and an SSH-specific solution was inappropriate.  A more general approach should
> be investigated.
> 
> So almost 6 years have passed, and NETCONF vendors still want a call-home solution for SSH.
> IMO, Ken's proposal should be published (assuming the security experts approve).
> NETCONF notifications are rarely used.  The main reason given is that the client
> connection maintenance is not worth the resources and coding effort.  I think
> call-home for SSH could make NETCONF more deployable.
...

It seems like there were two distinct problem spaces that folks had in mind
during the initial discussions.

One (I'll call it the "narrow" one) is the question of how a device new to the
network lets management know that it exists so that it can be (more fully)
configured. The other (I'll call it the "broad" one) includes the issues of
overcoming NAT.  The original proposed charter text seems consistent
with the narrow space.  Addressing it shouldn't be much work, but would
nonetheless be worthwhile.  The broad problem is a different matter.  David
Harrington's most persuasive arguments were addressed to it, rather than
the narrow problem.

The NETCONF connection maintenance issue Andy raises is really a third
issue, which wasn't germane to the ISMS discussions.  When talking about
user / vendor needs, it would probably be helpful to indicate which of these
three is "the problem" that needs to be addressed, and the extent to which
solving the others is necessary (or not).

Randy