Got your point re trusted networks and I agree with you on that. However, I will still disagree on the point I am trying to make that we need to provide the user with the choice of turning on or off security for the transport protocol. From device perspective, I believe this would be less of an issue as you will have a limited number of concurrent sessions into an application on the network. However from the application perspective, if for example you want to perform mass configuration changes and need to maintain a large number of SSH/SSL connections simultaneously to a number of devices -- that may become an issue especially if you are not interested in the security side of it. Need to keep in mind that this effort will apply to equipment for both service providers as well as enterprise space and some of the later are very budget conscious (aren't we all -- but different scale I guess)!!
- Shmulik...
-----Original Message-----
From: Phil Shafer [mailto:phil@juniper.net]
Sent: Saturday, July 26, 2003 8:23 AM
To: Nehama, Shmulik [SC101:497:EXCH]
Cc: 'Rob Enns'; 'jtsillas'; 'netconf@ops.ietf.org'
Subject: Re: multiple xml documents on an input stream
"Shmulik Nehama" writes:
>However we will see
>customers not necessarily needing secure communication to devices in
>other deployments where both the devices and the application are on a
>trusted network.
Relying on a trusted network for security simply won't get past the IETF security folks. A netconf/clear-text draft would not get far.
And given the amazing CPU horsepower available on simple workstations today, handling even a fair number of secure connections will likely leave you CPU to spare.
Thanks,
Phil