Re: [Isms] Proposed SSH Transport Address Changes (and a quick nit)
From: Pasi.Eronen at nokia.com
Date: Tue, 5 Aug 2008 12:33:48 +0300
Wes Hardaker wrote:
>
> DH> I am of the impression this would require yet another
> DH> mapping table to support a feature that is not needed by
> DH> everybody.
>
> Actually, I think it drops the need for one.

This reply comes a bit late... but I think I agree with Wes here:
allowing "user@host" as SSH transport address could drop the need
for one mapping table on notification originators (it's not that
important for command generators).

An administrator configuring TARGET-MIB will of course include the
securityName used for VACM, but that's *our* name for the *recipient*
(e.g. "joe", an administrator). To actually open the SSH connection,
SSH will need to send *their* name for *us* (e.g. "router134").
Configuring an extra table mapping "joe,192.0.2.1" to "router134" will
of course work, but allowing "router134@192.0.2.1" as transport
address could be simpler to deploy.

(SSH will still need a mapping from "192.0.2.1" to the host public
key, and from "router134@192.0.2.1" to the password/private key,
but IMHO those really belong in SSH module, not on SNMP side.)

Best regards,
Pasi
_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms
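
The two designs compared in the message above, as an added Python example (not part of the original e-mail or of any ISMS draft). The Target class, the table names and the placeholder key values are assumptions made for illustration; the "user@host" split follows only the form quoted in the message.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Target:
    security_name: str  # our name for the recipient, used for VACM ("joe")
    address: str        # transport address: "host" or "user@host"

# SNMP side, first design only: extra table (securityName, host) -> SSH user.
SSH_USER_MAP = {("joe", "192.0.2.1"): "router134"}

# SSH module's own tables (values are constructed placeholders).
HOST_KEYS = {"192.0.2.1": "PLACEHOLDER-host-public-key"}
CREDENTIALS = {"router134@192.0.2.1": "PLACEHOLDER-private-key-handle"}

def split_address(address):
    """Return (user, host); user is None when the address has no 'user@'."""
    user, sep, host = address.rpartition("@")
    if not sep:
        return None, address
    if not user or not host or "@" in user:
        raise ValueError(f"malformed transport address: {address!r}")
    return user, host

def ssh_params(target, user_map=None):
    """Resolve what is needed to open the SSH session for one target."""
    user, host = split_address(target.address)
    if user is None:  # first design: consult the extra mapping table
        user = (user_map or {}).get((target.security_name, host))
        if user is None:
            raise LookupError(f"no SSH user mapped for {target}")
    # Both designs: the SSH module maps host -> host key and
    # user@host -> credential, and refuses to connect if either is missing.
    if host not in HOST_KEYS:
        raise LookupError(f"no host key configured for {host}")
    credential = CREDENTIALS.get(f"{user}@{host}")
    if credential is None:
        raise LookupError(f"no credential for {user}@{host}")
    return {"user": user, "host": host,
            "host_key": HOST_KEYS[host], "credential": credential}

if __name__ == "__main__":
    print(ssh_params(Target("joe", "192.0.2.1"), SSH_USER_MAP))
    print(ssh_params(Target("joe", "router134@192.0.2.1")))
```

Both calls resolve to the same SSH user, host key and credential; only the second needs no table on the SNMP side.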
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.