Re: use of netconf to configure Unix systems

[Andy Bierman <ietf@andybierman.com>]

McDonald, Ira wrote:
> Hi Joel,
>
> +1
>
> If Netconf really wants a "Well Known Port", then OK, let's
> move on.
>
> But it really is distressing that the IESG takes no active
> part (apparently) in setting and enforcing policies for the
> use of the remainder of this scarce resource.
>   

A) I have asked the ADs for advice.
    If we have no consensus, then do we have "rough consensus"?
    Using the Olympics system (throw out the high and low scores),
    the rough consensus is "don't really care".
    But, if the WG can show sufficient justification, then system port 
numbers
    can be assigned. 

B) scarce resource
    If there is no point to EVER assigning any protocol to this range 
anymore,
    then it's no longer a resource, scarce or otherwise.

Either the assignment range matters, in which case I believe there is 
sufficient
justification to ask for well known port numbers for NETCONF, or the
assignment range doesn't matter, and therefore all new static ports are
registered ports.  I can live with either decision, but I would prefer
an actual IESG decision in this matter.

If I posed the question to operators as "Would it matter to you if SSH was
initially assigned a registered port number instead of a well-known port 
number?"
I wonder if I would get the same answer as for NETCONF. (Yes --  "huh?" ;-)

This does need to be resolved soon.


> Cheers,
> - Ira
>
>   


Andy

> Ira McDonald (Musician / Software Architect)
> Blue Roof Music / High North Inc
> PO Box 221  Grand Marais, MI  49839
> phone: +1-906-494-2434
> email: imcdonald@sharplabs.com
>
>   
> > -----Original Message-----
> > From: owner-netconf@ops.ietf.org [mailto:owner-netconf@ops.ietf.org]On
> > Behalf Of Joel M. Halpern
> > Sent: Friday, March 17, 2006 11:47 PM
> > To: Andy Bierman
> > Cc: Eliot Lear; netconf
> > Subject: Re: use of netconf to configure Unix systems
> >
> >
> > minor: Ira and I are not the only people speaking up.  I was struck 
> > by the tone of the debate that was occurring, which is why I spoke up.
> >
> > And just to clarify my own sloppiness, I realized after I wrote the 
> > note that "root" rather than "kernel" is what is needed for a low 
> > port, and that is indeed easier.  But it is MUCH better to develop 
> > and run applications without having to make them root, even 
> > briefly.  (The coupling of the various permissions within Unix is not 
> > our problem, but that doesn't make it desirable.)
> >
> > Given that, to paraphrase Phil's comment, it doesn't make that much 
> > difference, it would seem more sensible to go for a higher 
> > range port number.
> > However, neither Ira nor I speak for the IESG.  Heck, I'm not even 
> > speaking as a "reviewer", just as a participant / observer in this 
> > working group.
> > I guess I just find "its appropriate to use low numbers for this" a 
> > bad reason.  From different perspectives, different things are 
> > "privileged".  I know many folks who will claim that the only really 
> > privileged operation is collecting money. And others.......
> >
> > Yours,
> > Joel
> >
> > PS: I would prefer not to hang this protocol up on a debate about 
> > whether <1024 ports should ever be given out.  That would be a waste 
> > of all our time.
> >
> > At 09:40 PM 3/17/2006, Andy Bierman wrote:
> >     
> > > There are ways to allow users specific access to root 
> > >       
> > programs (e,g,. 'su').
> >     
> > > There is really no way to logically conclude this discussion.
> > >
> > > You and Ira are arguing that no protocol should ever use the 
> > >       
> > system port
> >     
> > > space again, including NETCONF.  If this is IESG policy, 
> > >       
> > then I guess we
> >     
> > > are done discussing it.
> > >
> > > Some others have said the port number doesn't really matter,
> > > except a bit for unix implementations, and some "legacy bias" against
> > > using higher port numbers for system services. (Large "don't 
> > >       
> > care" camp)
> >     
> > > Eliot and I are arguing that the task of configuring a 
> > >       
> > networking device
> >     
> > > (a server, not a plain host!)  is clearly a privileged task 
> > >       
> > in almost all
> >     
> > > environments, which is NETCONF's chartered purpose.  If 
> > >       
> > device configuration
> >     
> > > and control isn't a system task on a networking device, then
> > > I don't know what is.
> > >
> > > If there are no possible reasons for assigning system port numbers
> > > anymore, then IANA can stop asking which range the new protocol
> > > should be assigned, and WGs like us don't need to argue about
> > > anymore.
> > >       
> > --
> > to unsubscribe send a message to netconf-request@ops.ietf.org with
> > the word 'unsubscribe' in a single line as the message text body.
> > archive: <http://ops.ietf.org/lists/netconf/>
> >
> >     
>
>
>   


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>