[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: real problem? was Re: no interim meeting -- read the rules

To: "Tom Petch" <nwnetworks@dial.pipex.com>, "Balazs Lengyel" <balazs.lengyel@ericsson.com>, "Andy Bierman" <ietf@andybierman.com>
Subject: RE: real problem? was Re: no interim meeting -- read the rules
From: "Romascanu, Dan \(Dan\)" <dromasca@avaya.com>
Date: Thu, 30 Mar 2006 15:15:49 +0200
Cc: "Netconf \(E-mail\)" <netconf@ops.ietf.org>


 
 

> -----Original Message-----
>> We have to care 
> > about a
> second
> > transport/security mechanism TLS (I don't know if this is a 
> real problem).
> 
> Yes, I suspect it is.  In a secure, distributed system, 
> particularly one with a large number of unattended boxes, I 
> believe that the distribution and maintenance of security 
> credentials is a real problem, much complexity and expense.
> 
> So (netconf over) ssh for configuration with the necessary 
> notifications coming back (over syslog) over tls.  I don't 
> know anyone doing security that way so I imagine it is 
> significantly  more complex than just ssh or tls (or ipsec or 
> ....).  Anyone know otherwise?
> 

What exactly are the security credentials for? Is this about
authentication of the notification sender with the receiver? If so, this
is similar with the case that we encountered recently with the
authentication of the data sources with the collectors in raqmon. Andy
knows it too well. 

Dan


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Re: real problem? was Re: no interim meeting -- read the rules
  - From: "Tom Petch" <nwnetworks@dial.pipex.com>

Prev by Date: RE: Second Example in section 7.2 of netconf-proto
Next by Date: Re: predictable content
Previous by thread: get-config and :url
Next by thread: Re: real problem? was Re: no interim meeting -- read the rules
Index(es):
- Date
- Thread