Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications



>>>>> On Mon, 14 Sep 2009 12:40:38 -0400, "Donati Andrew-MGIA0477" <adonati at motorola.com> said:

DA> Will it be feasible to define optional notifications for each of the
DA> events defined by the counters below?

DA> tlstmSessionInvalidClientCertificates
DA> tlstmSessionInvalidServerCertificates 

I think it's a good idea to have notifications defined for those two
cases.  The likely triggering points would be:

1) tlstmSessionInvalidClientCertificates

   - command responder, notification responder or proxy application
     receives a client cert it can't cope with.

2) tlstmSessionInvalidServerCertificates

   - a command generator in a remote device (e.g., disman-event mib type
     functionality or ...) or proxy application receives a server cert
     it can't cope with.

   - in theory a local manager could trigger this condition too, but it
     doesn't make as much sense.  There is no reason to say they can't
     send it though.


The interesting question is that for #1, we actually already have such a
notification in a more generic form:  the authenticationFailure
notification from the SNMPv2-MIB.  The questions in my mind are:

A) should we include a more specific one for DTLS
B) should we specify in the documentation other likely (recommended)
   DTLS-specific variables to add to the generic authenticationFailure
   notification when being sent?

-- 
Wes Hardaker
Cobham Analytic Solutions
