Re: NETCONF over TLS
Eliot Lear wrote:
Mohamad Badra wrote:
Between, could you please tell me what "far less functionally" means?
The whole point of SASL is to provide for multiple profiles so that if
you want to use the GSSAPI or PLAIN or OTP or something else, you can do
so. In fact this is a battle we keep fighting *and* losing in network
management. Shall we some day plan to have an ISMS equivalent for
netconf? I surely hope not.
And of course, you get all of this for free with the BEEP spec.
I have heard comments from Juergen that there are several foo-over-TLS
drafts out there, and perhaps one specification for NM-over-TLS
might be better. I heard concerns about 'vertical silos' from Dave H
along the same lines. I also respect Eliot's concerns about reinventing
things.
The details are always messier than the "idea".
So, with this new 'special' <request-login> RPC (that creates
a layer violation in itself) the agent needs to send 'operation-failed'
errors for any other RPC received before this one? A special mode is needed
in the RPC handler, based on, and coupled to, the transport protocol
used to establish the session -- just to support this special RPC method.
Yuch.
Eliot
Andy
archive: <http://ops.ietf.org/lists/netconf/>