[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: multiple xml documents on an input stream

To: "Shmulik Nehama" <snehama@nortelnetworks.com>
Subject: RE: multiple xml documents on an input stream
From: Andy Bierman <abierman@cisco.com>
Date: Tue, 29 Jul 2003 09:23:20 -0700
Cc: "'Phil Shafer'" <phil@juniper.net>, "'Randy Bush'" <randy@psg.com>, "'netconf@ops.ietf.org'" <netconf@ops.ietf.org>
In-reply-to: <2F1FC1DEA077D5119FAD00508BCFD6D209EBDE2D@zsc3c030.us.nortel.com>

At 08:08 AM 7/29/2003, Shmulik Nehama wrote:

>Got your point re trusted networks and I agree with you on that. However, I will still disagree on the point I am trying to make that we need to provide the user with the choice of turning on or off security for the transport protocol. From device perspective, I believe this would be less of an issue as you will have a limited number of concurrent sessions into an application on the network. However from the application perspective, if for example you want to perform mass configuration changes and need to maintain a large number of SSH/SSL connections simultaneously to a number of devices -- that may become an issue especially if you are not interested in the security side of it. Need to keep in mind that this effort will apply to equipment for both service providers as well as enterprise space and some of the later are very budget conscious (aren't we all -- but different scale I guess)!!

I don't agree that we should standardize anything but secure
transport protocol mappings for netconf.  Once we publish a mapping
for SSH or HTTPS, it will be fairly trivial for a vendor to figure out 
how to adjust that mapping to use telnet instead of SSH, or HTTP
instead of HTTPS.


>- Shmulik... 

Andy




>-----Original Message----- 
>From: Phil Shafer [<mailto:phil@juniper.net>mailto:phil@juniper.net] 
>Sent: Saturday, July 26, 2003 8:23 AM 
>To: Nehama, Shmulik [SC101:497:EXCH] 
>Cc: 'Rob Enns'; 'jtsillas'; 'netconf@ops.ietf.org' 
>Subject: Re: multiple xml documents on an input stream 
>
>"Shmulik Nehama" writes: 
>>However we will see 
>>customers not necessarily needing secure communication to devices in 
>>other deployments where both the devices and the application are on a 
>>trusted network. 
>
>Relying on a trusted network for security simply won't get past the IETF security folks. A netconf/clear-text draft would not get far.
>
>And given the amazing CPU horsepower available on simple workstations today, handling even a fair number of secure connections will likely leave you CPU to spare.
>
>Thanks, 
> Phil 


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

References:
- RE: multiple xml documents on an input stream
  - From: "Shmulik Nehama" <snehama@nortelnetworks.com>

Prev by Date: RE: multiple xml documents on an input stream
Next by Date: omission in BEEP session initiation
Previous by thread: RE: multiple xml documents on an input stream
Next by thread: BEEP profile URI's?
Index(es):
- Date
- Thread