
Re: Underspecified CallHome



On Fri, Jun 02, 2006 at 04:29:48PM -0400, Phil Shafer wrote:
 
> BEEP handles the device-initiated connection easily, and one can
> use 'sshd -i' on the device side to pass a device-initiated connection
> into the ssh daemon code, allowing us to preserve the existing
> client/server relationship in netconf.  I'm clueless about how soap
> would handle this.

While I love the simplicity of this approach (agent establishes the
TCP connection and once established it takes over the SSH server
role), I had the feeling that security folks seriously disliked it
during the ISMS discussions. Instead, they seemed to prefer something
where you have to use host-key authentication and you end up with
different notions of access control rules since you have different
authenticated identities to deal with.

I would like to see a common approach to deal with "agent" initiated
connections between netconf and ISMS and as I said I love the
simplicity of what you propose for netconf...

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany
