Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications

To: David Harrington <ietfdbh at comcast.net>, "'Wes Hardaker'" <wjhns1 at hardakers.net>
Subject: Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
From: Jeffrey Hutzelman <jhutz at cmu.edu>
Date: Mon, 14 Sep 2009 16:52:31 -0400
Cc: isms at ietf.org, jhutz at cmu.edu
Delivered-to: isms at core3.amsl.com
In-reply-to: <033a01ca3579$ea2c30c0$0600a8c0 at china.huawei.com>
List-archive: <http://www.ietf.org/mail-archive/web/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <sd63eliohe.fsf at wes.hardakers.net> <E6658A5CB6378B46A7F9C43757A73977047E6252 at de01exm63.ds.mot.com> <sdfxapa0nc.fsf at wjh.hardakers.net> <20090914182918.GA1332 at elstar.local> <27070_1252954966_n8EJ2jKD029767_sd4or59wpj.fsf at wjh.hardakers.net> <FB64E92A8472D9DC947B53A0 at atlantis.pc.cs.cmu.edu> <033a01ca3579$ea2c30c0$0600a8c0 at china.huawei.com>

--On Monday, September 14, 2009 04:28:26 PM -0400 David Harrington<ietfdbh at comcast.net> wrote:

If you want insight into what is happening at the (D)TLS "layer", then
you should write a (D)TLS MIB to capture that information. That does
not belong in the transport model though, just as the specific SSH
failures do not get documented in the SSHTM MIB.

Think of it this way. If you write a generic (D)TLS MIB that recorded
InvalidClientCertificates and InvalidServercertificates, would these
only be incremented when SNMP was the protocol utilizing the (D)TLS
service, or might they also be incremented when using, say, IPFIX or
Netconf or HTTP? I think these are (D)TLS-specific errors, not
SNMP-TM-specific errors.

There really isn't such a thing as "_the_ (D)TLS service". A given hostmight have any number of services utilizing TLS or DTLS on different portswith different configuration. It's not multiplexed the way SSH might be,and you wouldn't want to combine management information for them. Ideally,there'd be some kind of "MIB fragment" describing (D)TLS which could beincorporated into MIB's for various services using those protocols, ofwhich the SNMP DTLS TM is just one.

Follow-Ups:
- Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
  - From: Juergen Schoenwaelder
- Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
  - From: David Harrington

References:
- [Isms] draft-hardaker-isms-dtls-tm-05 submitted
  - From: Wes Hardaker
- Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
  - From: Donati Andrew-MGIA0477
- Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
  - From: Wes Hardaker
- Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
  - From: Juergen Schoenwaelder
- Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
  - From: Jeffrey Hutzelman
- Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
  - From: David Harrington

Prev by Date: Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
Next by Date: Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
Previous by thread: Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
Next by thread: Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications
Index(es):
- Date
- Thread

Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.