Re: [Isms] open issues

To: <isms at ietf.org>
Subject: Re: [Isms] open issues
From: "Randy Presuhn" <randy_presuhn at mindspring.com>
Date: Wed, 23 Apr 2008 11:53:16 -0600
Delivered-to: ietfarch-isms-web-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=mindspring.com; b=Cue9Qxs9L8uocDQ/k7x5tIZxYvtwwz6dLynnZG5c+xaB6b5O/Dt3jwPUbr0wb1Cg; h=Received:Message-ID:From:To:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP;
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <20080422210355.GA12678 at elstar.local> <002401c8a4dc$869f3400$6801a8c0 at oemcomputer> <20080423064530.GC13183 at elstar.local> <000d01c8a513$af1af400$6801a8c0 at oemcomputer> <20080423084701.GE13273 at elstar.local>
Sender: isms-bounces at ietf.org

Hi -

> From: "Juergen Schoenwaelder" <j.schoenwaelder at jacobs-university.de>
> To: "Randy Presuhn" <randy_presuhn at mindspring.com>
> Cc: <isms at ietf.org>
> Sent: Wednesday, April 23, 2008 2:47 AM
> Subject: Re: [Isms] open issues
...
> But if the manager is the SSH server, then all you have is an
> authenticated host the server is running on. You made the point that
> there can be distinct notification receivers on the same host. So how
> do you solve that puzzle?
...

I don't.  Our architecture, both on the manager and on the agent ends,
strongly assumes that security mechanisms are able to authenticate
to the granularity of a principal.  RFC 3411 sections 3.2.1 and 3.2.2
should make that clear.  If SSH doesn't provide (or can't be made to
provide) that service, then it's not suitable.  It's as simple as that.

Randy

_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

Follow-Ups:
- Re: [Isms] open issues
  - From: David B. Nelson
- Re: [Isms] open issues
  - From: Juergen Schoenwaelder

References:
- Re: [Isms] open issues
  - From: Juergen Schoenwaelder
- Re: [Isms] open issues
  - From: Randy Presuhn
- Re: [Isms] open issues
  - From: Juergen Schoenwaelder
- Re: [Isms] open issues
  - From: Randy Presuhn
- Re: [Isms] open issues
  - From: Juergen Schoenwaelder

Prev by Date: Re: [Isms] open issues
Next by Date: Re: [Isms] open issues
Previous by thread: Re: [Isms] open issues
Next by thread: Re: [Isms] open issues
Index(es):
- Date
- Thread

Re: [Isms] open issues

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.