Re: [Isms] current naming agreement

To: Wes Hardaker <wjhns1 at hardakers.net>
Subject: Re: [Isms] current naming agreement
From: Wes Hardaker <wjhns1 at hardakers.net>
Date: Wed, 30 Jul 2008 06:58:40 -0700
Cc: ISMS WG <isms at ietf.org>
Delivered-to: ietfarch-isms-web-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=hardakers.net; h=from:to :cc:subject:references:date:in-reply-to:message-id:mime-version: content-type; s=wesmail; bh=mkNSiN4SsiFWRLlI/yW+b3Z3vOc=; b=OhD1 tpGM2SiKsC6RA6P88P+/X0IB3mHIWtZtFIZwx4jsHnXFSnuDMg+Oum26WrgWpa/l w8d4jjxkDhj6Z07Cn9EOKakwu8c7xinSnL7VwzrllEFHkzl/WIaFmuPuHdyMSl8P ACIpdsF+EMLztnAblP9tVtDVVFQCX8G2o0cVUCY=
In-reply-to: <20080729144308.GC11405@elstar.local> (Juergen Schoenwaelder's message of "Tue, 29 Jul 2008 16:43:08 +0200")
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
Organization: Sparta
References: <sd63qp9dsj.fsf@wes.hardakers.net> <20080729144308.GC11405@elstar.local>
Sender: isms-bounces at ietf.org
User-agent: Gnus/5.110011 (No Gnus v0.11) XEmacs/21.4.21 (linux, no MULE)

>>>>> On Tue, 29 Jul 2008 16:43:08 +0200, Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de> said:

JS> What happens if I send a notification? Is everything sane in this case?

The remote side will still be tied to the securityName provided by (in
this case) the notification originator if the scalar was set to true
(strip the prefix).  It does beg the question, though, is if the scalar
is set to false then does the notification need to be set up (via the
target-mib) with the securityName "ssh:juergen" or just "juergen".  I
can argue it either way and actually don't care too much as long as it's
defined.

Since the VACM authorization is functionally done *before* the agent
tries to send the notification and it's using it's own data to do that,
it would likely make sense to require the prefix to be set up properly
already in both the target-mib and (obviously) the VACM tables.

It will, however, require probably another sentence in text talking
about stripping the prefix before opening a session where the
securityName used for openSession() would be expected to be prefixed.

-- 
Wes Hardaker
Sparta, Inc.
_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

Follow-Ups:
- Re: [Isms] current naming agreement
  - From: Juergen Schoenwaelder

References:
- [Isms] current naming agreement
  - From: Wes Hardaker
- Re: [Isms] current naming agreement
  - From: Juergen Schoenwaelder

Prev by Date: Re: [Isms] current naming agreement
Next by Date: Re: [Isms] current naming agreement
Previous by thread: Re: [Isms] current naming agreement
Next by thread: Re: [Isms] current naming agreement
Index(es):
- Date
- Thread

Re: [Isms] current naming agreement

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.