
Re: real problem? was Re: no interim meeting -- read the rules



----- Original Message -----
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: "Tom Petch" <nwnetworks@dial.pipex.com>; "Balazs Lengyel"
<balazs.lengyel@ericsson.com>; "Andy Bierman" <ietf@andybierman.com>
Cc: "Netconf (E-mail)" <netconf@ops.ietf.org>
Sent: Thursday, March 30, 2006 3:15 PM
Subject: RE: real problem? was Re: no interim meeting -- read the rules

> -----Original Message-----
>> We have to care about a second transport/security mechanism TLS (I don't know
>> if this is a real problem).
>
> Yes, I suspect it is.  In a secure, distributed system,
> particularly one with a large number of unattended boxes, I
> believe that the distribution and maintenance of security
> credentials is a real problem, much complexity and expense.
>
> So (netconf over) ssh for configuration with the necessary
> notifications coming back (over syslog) over tls.  I don't
> know anyone doing security that way so I imagine it is
> significantly more complex than just ssh or tls (or ipsec or
> ....).  Anyone know otherwise?
>

What exactly are the security credentials for?
<>
Security credentials are used for authentication (and perhaps key exchange) and
so include certificates, public/private key pairs, pre-shared keys etc.

The work involved in the distribution of such material is perceived to be an
inhibitor to the take-up of SNMPv3 :-(

Tom Petch
<snip>

Dan

