Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
On Mon, Sep 14, 2009 at 07:36:55PM +0200, Wes Hardaker wrote:
> >>>>> On Mon, 14 Sep 2009 12:40:38 -0400, "Donati Andrew-MGIA0477" <adonati at motorola.com> said:
>
> DA> Will it be feasible to define optional notifications for each of the
> DA> events defined by the counters below?
>
> DA> tlstmSessionInvalidClientCertificates
> DA> tlstmSessionInvalidServerCertificates
>
> I think it's a good idea to have notifications defined for those two
> cases. The likely triggering points would be:
>
> 1) tlstmSessionInvalidClientCertificates
>
> - command responder, notification responder or proxy application
> receives a client cert it can't cope with.
>
> 2) tlstmSessionInvalidServerCertificates
>
> - a command generator in a remote device (e.g., disman-event mib type
> functionality or ...) or proxy application receives a server cert
> it can't cope with.
>
> - in theory a local manager could trigger this condition too, but it
> doesn't make as much sense. There is no reason to say they can't
> send it though.

The question is to what extent the SNMP agent is really involved in
all this or whether the DTLS transport takes care of the processing
itself. In the SNMP over SSH case, we did decide to stay out of things
that really concern the SSH layer. It seems with TLS/DTLS, we seem to
go into much more detail - perhaps this is even justified. I just
notice that we seem to deal with these different secure transports
differently.
/js
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>