
Re: [NGO] FW: I-D ACTION:draft-badra-tls-netconf-04.txt



Dear Balazs and all,

Below is a part of the text I posted on the NGO mailing list; your comments are welcome...

If the server authenticates a client using a certificate, the server MUST validate the certificate and check the client identity. The general algorithm described in RFC4642 can be used for the client certificate validation. The client identity handled through its certificate MUST be verified and authenticated by the server according to local policy before any configuration or state data is sent to or received from the server.

The client identity could be considered to be the Common Name field in the X.509 v3 certificate or any of the fields in the AlternativeName extension defined in RFC3280. In this latter case, defined options include, among others, an Internet electronic mail address, a DNS name, an IP address, MAC, or a uniform resource identifier (URI) (RFC2459 section 4.2.1.7). Multiple name forms, and multiple instances of each name form, may be included.

   Note: The local policy is not addressed in the document.

Best regards,
Badra

Balazs Lengyel wrote:
Chapter 3.2) Client Id checking must be solved. I think this is a big problem.
Balazs

Romascanu, Dan (Dan) wrote:

-----Original Message-----
From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
Sent: Thursday, October 11, 2007 6:15 PM
To: i-d-announce@ietf.org
Subject: I-D ACTION:draft-badra-tls-netconf-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts
directories.


    Title        : NETCONF over TLS
    Author(s)    : M. Badra
    Filename    : draft-badra-tls-netconf-04.txt
    Pages        : 7
    Date        : 2007-10-11
The NETCONF configuration protocol provides mechanisms to install, manipulate, and delete the configuration of network devices. This document describes how to use TLS to secure NETCONF exchanges.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-badra-tls-netconf-04.txt

To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-badra-tls-netconf-04.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
    mailserv@ietf.org.
In the body type:
    "FILE /internet-drafts/draft-badra-tls-netconf-04.txt".
NOTE: The mail server at ietf.org can return the document in
    MIME-encoded form by using the "mpack" utility.  To use this
    feature, insert the command "ENCODING mime" before the "FILE"
    command.  To decode the response(s), you will need "munpack" or
    a MIME-compliant mail reader.  Different MIME-compliant mail readers
    exhibit different behavior, especially when dealing with
    "multipart" MIME messages (i.e. documents which have been split
    up into multiple messages), so check your local documentation on
    how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.


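The proposed text in the message above allows the client identity to come from the Common Name or from any subjectAltName entry, with several name forms and instances per certificate, and leaves the choice to local policy. As an added illustration (not part of the original message or of draft-badra-tls-netconf), the Python below collects every candidate name from an already chain-validated certificate and maps it to a single username, refusing when the names are ambiguous. The policy table, the usernames, the function names and the sample certificate are all constructed assumptions; the input uses the dict layout returned by `ssl.SSLSocket.getpeercert()`.

```python
# Added example: policy table, usernames and function names are assumptions,
# not taken from the draft. Input is the dict shape returned by
# ssl.SSLSocket.getpeercert() once the TLS stack has validated the chain.

# Constructed sample certificate with several name forms and instances.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Net"),),
                (("commonName", "noc-admin"),)),
    "subjectAltName": (("email", "admin@example.net"),
                       ("DNS", "MGMT1.example.net"),
                       ("DNS", "mgmt2.example.net"),
                       ("IP Address", "192.0.2.10"),
                       ("URI", "urn:example:netconf:client:7")),
}

# Hypothetical local policy: (name form, value) -> NETCONF username.
# DNS values are stored lower-case because DNS names compare case-insensitively.
LOCAL_POLICY = {
    ("DNS", "mgmt2.example.net"): "operator",
    ("CN", "noc-admin"): "admin",
}

def candidate_identities(cert):
    """Return every (form, value) pair the certificate asserts, SAN entries first."""
    names = []
    for form, value in cert.get("subjectAltName", ()):
        names.append((form, value.lower() if form == "DNS" else value))
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                names.append(("CN", value))
    return names

def map_client(cert, policy):
    """Map a validated certificate to exactly one username, or return None."""
    users = {policy[n] for n in candidate_identities(cert) if n in policy}
    if len(users) != 1:
        # No match, or different name forms map to different users:
        # deny instead of guessing which name is "the" identity.
        return None
    return users.pop()
```

With the sample policy the certificate matches both `operator` (via a DNS name) and `admin` (via the Common Name), so `map_client` returns `None`; this is the ambiguity a local policy has to resolve explicitly.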