Re: [Isms] Session timeouts?

To: <isms at ietf.org>
Subject: Re: [Isms] Session timeouts?
From: "David B. Nelson" <d.b.nelson at comcast.net>
Date: Wed, 2 Apr 2008 15:55:15 -0400
Cc: 'Jeffrey Hutzelman' <jhutz at cmu.edu>
Delivered-to: ietfarch-isms-web-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
In-reply-to: <D72936C0C7AB331949E85755 at sirius.fac.cs.cmu.edu>
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <03c701c894e4$a44811a0$6401a8c0 at NEWTON603> <020701c894e6$82a4b380$0600a8c0 at china.huawei.com> <03dd01c894e9$5de70090$6401a8c0 at NEWTON603> <D72936C0C7AB331949E85755 at sirius.fac.cs.cmu.edu>
Sender: isms-bounces at ietf.org
Thread-index: AciU+JOmjd3sZivITVyb0kQ7AXceOQAAOZyA

Jeffrey Hutzelman writes...

> I think it's entirely reasonable to specify RADIUS attributes which
> describe session timeout behavior for SSH, with the understanding that 
> while there is a standard way to describe the timeouts, there is no 
> requirement that an SSH server actually implement them.

Right.  RADIUS standards do not create requirements for applications to
implement the use of certain attributes, or support certain features; only
end users do that.  The most that the RADIUS documents dictate is how the
attributes are to be used, if the feature is implemented. 

I think it's useful to point out what RADIUS features are available for use
with SNMP Transport Models.  That's how I would propose to handle the
session timeout issue for ISMS, to describe how RADIUS attributes are used
to provision this feature, and suggest (dare I say recommend?) how it might
be implemented, e.g. in the SSH server.

If it turns out that there are Security Considerations surrounding the
decision to implement session timeouts (or not) we could describe them.


_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

Follow-Ups:
- Re: [Isms] Session timeouts?
  - From: Wes Hardaker

References:
- [Isms] Session timeouts?
  - From: David B. Nelson
- Re: [Isms] Session timeouts?
  - From: David Harrington
- Re: [Isms] Session timeouts?
  - From: David B. Nelson
- Re: [Isms] Session timeouts?
  - From: Jeffrey Hutzelman

Prev by Date: Re: [Isms] Session timeouts?
Next by Date: Re: [Isms] Session timeouts?
Previous by thread: Re: [Isms] Session timeouts?
Next by thread: Re: [Isms] Session timeouts?
Index(es):
- Date
- Thread

Re: [Isms] Session timeouts?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.