
Re: Evaluation: draft-ietf-netconf-ssh-05.txt to Proposed Standard [I06-051127-0011]



Randy Presuhn wrote:
Hi -

From: "McDonald, Ira" <imcdonald@sharplabs.com>
To: "'Sharon Chisholm'" <schishol@nortel.com>; "Netconf (E-mail)" <netconf@ops.ietf.org>
Sent: Thursday, March 16, 2006 11:03 AM
Subject: RE: Evaluation: draft-ietf-netconf-ssh-05.txt to Proposed Standard [I06-051127-0011]
...
(1) IANA-assigned "Well Known Port" (0 to 1023)
- approximately 70% are now assigned - very scarce resource

(2) IANA-assigned "Registered Port" (1024 to 49151)
- approximately 12% are now assigned - plentiful resource

(3) Unregistered "Dynamic or Private Port" (49152 to 65535)
- not a reasonable choice for NetConf or any standard service

Option (2) is obviously the prudent choice.

I strongly agree.

It is not possible to use NetConf (or SHOULD NOT be) without
strong authentication - in any case, security professionals
do NOT accept the pseudo-security of "well known ports" based
on their numeric values.
...

I find this rationale far more convincing than any of the
others put forth on this thread.


Let's leave security out of the argument for the moment.
At first, this is what made me think we didn't really need
a number < 1024.  Picking (2) out of spite just to make
a point that (1) is not strong enough security anyway
may not be the best choice.

Does the expected use of the protocol meet the criteria
for classifying it in the privileged system space?
When I looked at the problem this way, I changed my mind.

The current practice with CLI, HTML, and SMI based network management
protocols is to use privileged port numbers.  Why is NETCONF different?

Randy


Andy

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>