RE: NETCONF over TLS
In-line.
Dan
> -----Original Message-----
> From: owner-netconf@ops.ietf.org
> [mailto:owner-netconf@ops.ietf.org] On Behalf Of Andy Bierman
> Sent: Sunday, June 17, 2007 4:39 AM
> To: Netconf (E-mail)
> Subject: Re: NETCONF over TLS
>
> Juergen Schoenwaelder wrote:
> > On Fri, Jun 15, 2007 at 06:59:23AM -0700, Andy Bierman wrote:
> >
> >> I'm not sure if the WG was ever officially asked to comment on the
> >> draft by Mohamad Badra called "NETCONF over TLS".
> >> So I am asking now.
> >>
> >> http://www.ietf.org/internet-drafts/draft-badra-tls-netconf-03.txt
> >>
> >> Please send comments on this draft and the feature itself to the WG
> >> mailing list.
> >>
> >> Are there implementations of this feature (not just this draft)?
> >
> > I know that early implementations from INRIA were running over TLS
> > instead of SSH. They then switched over to SSH after I told them that
> > TLS is a non-defined transport mapping. Not sure what this means; at
> > least there were people implementing something like NETCONF over TLS.
> >
> >> Should this work be standardized?
> >>
> >> If not, should it be published as Informational or Experimental?
> >
> > I don't care so much about the political implications of this
> > question. In practice, I believe a NETCONF over TLS mapping has at
> > least the same chances of implementation and deployment as some of
> > the other transports we have put on the standards track and hence I
> > would vote for a fair treatment of all the transports and then in
> > three-five years we can decide which ones to declare historic when the
> > others go for Draft Standard.
> >
>
> It is not political, but rather the level of peer review and consensus.
>
> However, a non-WG RFC can be published as Proposed Standard
> with the consent of the relevant WG, I think.
Indeed. This can be done as an AD-sponsored individual submission.
Actually this is what Mohamad requested, with the observation that he is
targeting Informational RFC status. The process is documented in
http://www.ietf.org/IESG/content/ions/ion-ad-sponsoring.html.
>
> Perhaps if Badra, Juergen, and others get help from the
> Security area on TLS and Security Considerations, publishing
> an Informational or Proposed Standard RFC (from the
> individual submission, with WG approval) would be possible.
This falls mainly on the AD, as you can see in the ION. This discussion
is part of my verification about the level of interest and the
availability of expert resources, so please everybody express your
opinions on this list. My estimation until now is that there is a
certain level of interest, but this document needs expert reviews from
NETCONF experts and in the security area, so I would like to make sure
that resources are available for these reviews.
>
> There are some features waiting in line, like partial locks
> and access control, and I don't think the priority of new
> transport mapping work is very high.
It would probably be good to discuss this submission also in the new BOF
in Chicago, to see how it rates as level of interest relative to the
other NETCONF extension subjects.
>
> In 3 - 5 years (or maybe less), the mappings that are not
> being used will be classified as Historic. Maybe TLS will
> become the default instead of SSH someday. As long as TLS is
> implemented in addition to the mandatory SSH mapping, I don't
> think interoperability is harmed.
Yes.
Dan
>
> > /js
> >
>
> Andy
>