Re: [Isms] Proposed text changes for the secshell draft
Wes
I tried the URL and got http 404. Something of a relief as I do not relish the
prospect of another day spent reverse engineering EOPs:-) What I would prefer
is rough consensus from everyone on the issues we have discussed, to wit:
1) the securityName used for a transaction in the local SNMP engine may not be
the same as that used in the remote engine; this may occur when e-mail format
addresses (user at example.com:port) are used
2) the securityName remains the same for the duration of a transaction (message
sent and message(s) received) within a single engine
3) the securityName is not authenticated within a Notification Originator
4) the transportAddress used in the ASIs to establish a session must appear
unchanged in the ASIs for all subsequent messages over that session
5) the tmTransportAddress as passed in tmState may vary between the outgoing and
incoming messages of a transaction; this may occur when e-mail format addresses
are used
6) tmSessionID uniquely identifies an SSH session within an engine both for
current sessions and for sessions that have existed recently or may be set up in
the near future, remains unchanged for the duration of that session and may be
used anywhere in the engine where it is necessary to identify a session
7) when an application uses securityName+e-mail format transportAddress with
transportDomain snmpSSHDomain, then
alice+bob at example.com:request
alice+bob at example.com:notify
bob+bob at example.com:request
bob+example.com:request
will result in four separate SSH sessions
8) the transportAddress MUST include a port; omitting the port is an error
Agreeing points in this format makes it much easier for me to verify that EOPs
do what we want, and to propose amended text as and when they do not, e.g. all
references to example.com MUST be changed to example.com:port:-)
Tom Petch
----- Original Message -----
From: "Wes Hardaker" <wjhns1 at hardakers.net>
To: <isms at ietf.org>
Sent: Tuesday, March 03, 2009 6:26 PM
Subject: [Isms] Proposed text changes for the secshell draft
>
> I've hacked up the secshell draft to fix the issue with respect to the
> need for a consistent tmSecurityName. If nothing else, I think this
> discussion has been a good one because it's highlighted that the
> tmSecurityName must be consistent for the life of the session and we
> didn't state that clearly in the -14 draft. It was roughly stated in
> the text in some obscure ways that I'm not at all sure that
> implementations would have gotten it right.
>
> Here's a URL for the diffs (obviously: ignore the not-relevant changes
> introduced by date changes, etc):
>
> http://tools.ietf.org//rfcdiff?url1=http://www.hardakers.net/temp/draft-ietf-isms-secshell-14.txt&url2=http://www.hardakers.net/temp/draft-ietf-isms-secshell-15wes.txt
> --
> Wes Hardaker
> Sparta, Inc.