Re: NETCONF over TLS



Juergen Schoenwaelder wrote:
> On Fri, Jun 15, 2007 at 06:59:23AM -0700, Andy Bierman wrote:
>
> > I'm not sure if the WG was ever officially asked to comment
> > on the draft by Mohamad Badra called "NETCONF over TLS".
> > So I am asking now.
> >
> > http://www.ietf.org/internet-drafts/draft-badra-tls-netconf-03.txt
> >
> > Please send comments on this draft and the feature itself
> > to the WG mailing list.
> >
> > Are there implementations of this feature (not just this draft)?
>
> I know that early implementations from INRIA were running over TLS
> instead of SSH. They then switched over to SSH after I told them that
> TLS is a non-defined transport mapping. Not sure what this means; at
> least there were people implementing something like NETCONF over TLS.
>
> > Should this work be standardized?
> >
> > If not, should it be published as Informational or Experimental?
>
> I don't care so much about the political implications of this
> question. In practice, I believe a NETCONF over TLS mapping has at
> least the same chances of implementation and deployment as some of
> the other transports we have put on the standards track and hence I
> would vote for a fair treatment of all the transports and then in
> three-five years we can decide which ones to declare historic when the
> others go for Draft Standard.

It is not political, but rather the level of peer review and consensus.

However, a non-WG RFC can be published as Proposed Standard with
the consent of the relevant WG, I think.

Perhaps if Badra, Juergen, and others get help from the Security area
on TLS and Security Considerations, publishing an Informational
or Proposed Standard RFC (from the individual submission, with WG approval)
would be possible.

There are some features waiting in line, like partial locks and access control,
and I don't think the priority of new transport mapping work is very high.

In 3 - 5 years (or maybe less), the mappings that are not
being used will be classified as Historic.  Maybe TLS will
become the default instead of SSH someday.  As long as TLS
is implemented in addition to the mandatory SSH mapping,
I don't think interoperability is harmed.

> /js

Andy

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>