Re: [Isms] Ismssnmp: URI scheme transport extensions




On Tue, Jul 28, 2009 at 12:08:47AM +0200, Jeffrey Hutzelman wrote:
 
> I still don't think transport= is the right approach.  In your URL example, 
> is 'tester' intended to be a securityName or part of the SSH transport 
> address?  I suspect the answer is that for UDP/USM it is a securityName, 
> but for TCP/SSM/TSM it is part of the SSH transport address, indicating the 
> SSH username to use.  That is, the syntax depends on the transport being 
> used.

In USM, you specify a user name - since in both cases (USM and SSH)
the default transform is an identity transform, the difference between
a user name and a securityName is subtle.

> The right way to have differing syntax is to use different URI schemes. 
> UDP, TCP, SSH, TLS, DTLS/UDP, and DTLS/SCTP should probably all have 
> different URI schemes.
> 
> Once you've done that, different schemes can imply different defaults, so 
> the default security model for SSH, TLS, DTLS/UDP, and DTLS/SCTP is TSM, 
> while the default security model for UDP and TCP is USM.

I note this is legal:

   sip:alice:secretword@atlanta.com;transport=tcp

They obviously do not have a siptcp: scheme - but they do have sips:
(while they deprecated the sip:<bla>;transport=tls version but then I
note that sips actually implies TLS over the complete E2E path and not
just one hop).

I guess we need advice from URI experts. There was probably a good
reason why we ignored all this when we did RFC 4088...

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.