[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Perspectives for enabling Third Party Authentication with "NETCONF over TLS"

To: Mohamad Badra <badra@isima.fr>
Subject: Re: Perspectives for enabling Third Party Authentication with "NETCONF over TLS"
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Date: Tue, 26 Feb 2008 20:41:48 +0100
Cc: 'Bert Wijnen - IETF' <bertietf@bwijnen.net>, mehmet.ersue@nsn.com, charliek@microsoft.com, hannes.tschofenig@nsn.com, "'Netconf (E-mail)'" <netconf@ops.ietf.org>
In-reply-to: <47C43F96.3010102@isima.fr>
Mail-followup-to: Mohamad Badra <badra@isima.fr>, 'Bert Wijnen - IETF' <bertietf@bwijnen.net>, mehmet.ersue@nsn.com, charliek@microsoft.com, hannes.tschofenig@nsn.com, "'Netconf (E-mail)'" <netconf@ops.ietf.org>
References: <NIEJLKBACMDODCGLGOCNAECLEHAA.bertietf@bwijnen.net> <47BA9510.5020900@cisco.com> <47BAB9E3.8020207@isima.fr> <47BC3928.4000400@cisco.com> <095901c87490$0fdea020$011716ac@NEWTON603> <47C29F1F.1050801@isima.fr> <47C43F96.3010102@isima.fr>
Reply-to: j.schoenwaelder@jacobs-university.de
User-agent: Mutt/1.5.17 (2007-11-01)

On Tue, Feb 26, 2008 at 05:34:30PM +0100, Mohamad Badra wrote:

> I think we front the issue of defining correctly a common mechanism to 
> enable using an authentication function for the manager via third parties.
>
> There are many ways to move forward with third party authentication. Below 
> three of them, sorry for this long mail. Any advice is wellcome...

[...]

I only see two options here:

a) Extending NETCONF with an authentication mechanism that can hook into
   SASL (which would be something for NETCONF to work on)

b) Getting TLS enhanced that it can do client authentication with passwords
   and such things natively (which is clearly not NETCONFs business)

I guess the answer will be given by the security folks. I believe we
need to seek security area advise here.

/js

PS: My understanding is that BEEP does hook into SASL so I don't think
    BEEP is an issue here.

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

References:
- new revision: draft-ietf-netconf-tls-01.txt
  - From: "Bert Wijnen - IETF" <bertietf@bwijnen.net>
- Re: new revision: draft-ietf-netconf-tls-01.txt
  - From: Eliot Lear <lear@cisco.com>
- Re: new revision: draft-ietf-netconf-tls-01.txt
  - From: Mohamad Badra <badra@isima.fr>
- Re: new revision: draft-ietf-netconf-tls-01.txt
  - From: Mohamad Badra <badra@isima.fr>
- Perspectives for enabling Third Party Authentication with "NETCONF over TLS"
  - From: Mohamad Badra <badra@isima.fr>

Prev by Date: FYI: NETCONF is now on the official IETF71 agenda
Next by Date: I-D ACTION:draft-ietf-netconf-monitoring-01.txt
Previous by thread: Perspectives for enabling Third Party Authentication with "NETCONF over TLS"
Next by thread: RE: new revision: draft-ietf-netconf-tls-01.txt
Index(es):
- Date
- Thread