Re: Last Call: 'NETCONF Configuration Protocol' to Proposed Standard
On Wed, 23 Nov 2005, The IESG wrote:
> The IESG has received a request from the Network Configuration WG to consider
> the following documents:
>
> - 'NETCONF Configuration Protocol '
>   <draft-ietf-netconf-prot-09.txt> as a Proposed Standard
> - 'Using the NETCONF Configuration Protocol over Secure Shell (SSH) '
>   <draft-ietf-netconf-ssh-05.txt> as a Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send any comments to the
> iesg@ietf.org or ietf@ietf.org mailing lists by 2005-12-07.

I have just browsed through the main spec, because of its length.
There is one potential procedural issue with it, as one normative reference:

    [5] Berners-Lee, T., "Universal Resource Identifiers in WWW: A
        Unifying Syntax for the Expression of Names and Addresses of
        Objects on the Network as used in the World-Wide Web", RFC 1630,
        June 1994.

.. is Informational. The rules have been stretched now and then
(e.g., when referring to hash functions defined in informational RFCs
but the function is really defined by some external document), not
sure if this is one similar case. Maybe a different ref would be
findable on URIs?
...
As a comment on section 3 of the SSH spec,

    In order to allow NETCONF traffic to be easily identified and
    filtered by firewalls and other network devices, NETCONF servers MUST
    default to providing access to the "netconf" SSH subsystem only when
    the SSH session is established using the IANA-assigned TCP port
    <TBD>. Servers SHOULD be configurable to allow access to the netconf
    SSH subsystem over other ports.

.. is this something that has already been implemented? Is there
experience that such a restriction is practical to implement? It'd
seem this would require running two different instances of sshd (with
different configuration wrt subsystems) or pretty complex policies
with just one process. I'm not against this approach -- I'd just like
to be sure there's implementer commitment to actually do so..
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
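
Added example, not part of the original message or of either draft: the two deployment shapes the message mentions (two sshd instances, or one process with a per-port policy), sketched as OpenSSH sshd_config fragments. Port 50830 is a constructed stand-in for the draft's unassigned <TBD> port, the handler path and config file names are hypothetical, and the single-process variant assumes an OpenSSH release that accepts Subsystem inside Match blocks (9.5 or later).

```conf
# ---- Option A: two sshd instances, one config file each ----

# File: /etc/ssh/sshd_config  (ordinary login service)
# No "Subsystem netconf" line here, so a request for the netconf
# subsystem on this port is refused.
Port 22
Subsystem sftp internal-sftp

# File: /etc/ssh/sshd_config_netconf  (hypothetical name)
# Started separately:  sshd -f /etc/ssh/sshd_config_netconf
# 50830 is a placeholder for the IANA-assigned port (<TBD> in the draft).
Port 50830
Subsystem netconf /usr/local/libexec/netconf-subsystem


# ---- Option B: one sshd process, policy keyed on the local port ----

# File: /etc/ssh/sshd_config
# Listen on both ports; the global section defines no netconf subsystem.
Port 22
Port 50830
Subsystem sftp internal-sftp

# Only sessions that arrived on the placeholder NETCONF port get the
# netconf subsystem. Assumes Subsystem is permitted in Match blocks.
Match LocalPort 50830
    Subsystem netconf /usr/local/libexec/netconf-subsystem
```

Either file set can be syntax-checked with `sshd -t -f <file>` before the daemon is restarted.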