
Re: Underspecified CallHome



Juergen Schoenwaelder wrote:
> On Fri, Jun 02, 2006 at 04:29:48PM -0400, Phil Shafer wrote:
>> BEEP handles the device-initiated connection easily, and one can
>> use 'sshd -i' on the device side to pass a device-initiated connection
>> into the ssh daemon code, allowing us to preserve the existing
>> client/server relationship in netconf.  I'm clueless about how soap
>> would handle this.
>
> While I love the simplicity of this approach (agent establishes the
> TCP connection and once established it takes over the SSH server
> role), I had the feeling that security folks seriously disliked it
> during the ISMS discussions. Instead, they seemed to prefer something
> where you have to use host-key authentication and you end up with
> different notions of access control rules since you have different
> authenticated identities to deal with.
>
> I like to see a common approach to deal with "agent" initiated
> connections between netconf and ISMS and as I said I love the
> simplicity of what you propose for netconf...


Yes.  Ditto for endless-RPC.
One more and I guess you win a prize :-)

Since I'm an embedded C programmer, I have a permanent bias
towards simplicity.  The art of engineering is keeping the
inherent complexity as low as possible (which is like entropy;
once introduced, it can never be removed from the system ;-)

(I will refrain from ranting on IETF security protocol usage
and documentation requirements.  Not simple.)


> /js


Andy

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>