[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NETCONF over TLS
Many already know I favor a common secure transport layer for multiple
NM protocols. I think the concept of BEEP is wonderful, since it
**standardizes** secure transport for NM, providing a more secure
environment across NM interfaces, and reducing security configuration
work. But operators seem to refuse to use it, either because the
toolkits that have been available were not good enough, or the
deployment introduces more problems than it solves.
Until recently operators didn't have a choice to even deploy it, so I'd
not read too much into what operators think right just yet.
Until BEEP is accepted by operators, I do not believe we should
disallow a Netconf/TLS transport just because there is a Netconf/BEEP
transport. If BEEP is accepted by operators because it reduces the
work of deploying security for multiple NM protocols, the TLS
transport might just go away.
But it's not just TLS- it's TLS + User level authentication + framing.
Guys, that's what BEEP is.
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.