Re: [Isms] draft-hardaker-isms-dtls-tm-05 submitted - tlstmNotifications

[Wes Hardaker <wjhns1 at hardakers.net>]

>>>>> On Mon, 14 Sep 2009 17:21:42 -0400, "David Harrington" <ietfdbh at comcast.net> said:

DH> Following up on Juergen's and Jeff's comments, I think the document
DH> should explain why this TM does pay attention to
DH> authentication-mechanism-specific errors, as compared to, say, SSH -
DH> IIUC, because TLS does not multiplex services while SSH does.

I'm not sure it's necessary to document the differences, IMHO.  Each
document should define the objects that are necessary to manage them.  I
don't think a cross-comparison of "why" is necessary.

DH> For interoperability purposes, it is important to know that some
DH> agents might send a notification and count these particular errors,
DH> while others do not, even though both would apparently be considered
DH> compliant.

I agree.  I don't think imposing some of these should be MUSTs in terms
of interoperability, so I agree.  I think putting them in optional
compliance modules alleviates this problem.

DH> A knob that indicates whether this support is available or not might
DH> be helpful to NMSes.

Sadly, we have that knob now in SNMP (agent-capabilities); the problem
is that the solution isn't one that anyone likes to use.  I don't think
it's within the scope of the WG to fix the compliance reporting features
within SNMP itself.  (I'd love to see that work get done generically
somewhere; it's definitely a missing piece of the puzzle)
-- 
Wes Hardaker
Cobham Analytic Solutions