RE: Evaluation: draft-ietf-netconf-ssh-05.txt to Proposed Standard [I06-051127-0011]
Eliot Lear wrote:
>
>
> Ira,
> > If Netconf is not a _ubiquitous_ general replacement for SNMP
> > and other legacy configuration protocols for ALL network
> > elements, then it's not a critical system service - period.
> >
> SNMP didn't start as a ubiquitous replacement for anything. It's a
> mistake to make this decision based on popularity. The question in my
> opinion is ONLY a matter of who can bind the port and what impact it
> can have. Now, arguably one could argue that if you get your process
> initiation order correct, this isn't a problem. On the other hand, if
> a process can be killed, then the problem recurs. This to me is the
> technical issue. It's not a political vanity. If we were talking
> about, oh, say, the "talk" or "finger" protocols, I'd feel
> differently...
Security through low-numbered ports is non-existent - this is old
thinking that certainly isn't reflected in many operating systems.
Security of local processes is NOT based on port numbers.
I stand by my 'political vanity issue' comment.
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Blue Roof Music / High North Inc
PO Box 221 Grand Marais, MI 49839
phone: +1-906-494-2434
email: imcdonald@sharplabs.com