Re: [Isms] wg last call on the (d)tls transport model

JS > Please do review the documents and post your comments on this list
JS > until November 14, 2009.  Please also post to the list if you
JS > have read the documents and you are fine with them.  It is very
JS > useful to know how many people have read the documents.

I read the (d)tls transport model document and here is the full summary
of my comments:
(The first 3 items were posted to the list previously) 

1.  tlstmServerAuthFailure notification.
Will it be helpful for network administrators to know the current count
of how many times the presented server certificate is invalid in each
tlstmServerAuthFailure notification?  If so, it may be useful to have
tlstmSessionInvalidServerCertificates as an additional binding,
especially if this object is the trigger.

2.  Standard authentication failure notification.
There may have been some previous discussions about possibly using the
standard authenticationFailure trap for tlstm (client) authentication
failures.  Will this be used or mentioned in the document?

3. tlstmServerCertNotFound
Will it be feasible to have a scalar object that serves as a counter for
this event? 
If implemented, it can be added to this notification.

4.  Section 6.4 Configuration Tables
There is a double verb, (is are), in the 2nd sentence.

5. Section 6.4.1 Notifications
This section mentions a notification (tlstmServerAuthFailure) that
alerts management stations when the server's presented certificate does
not meet the expected value but does not appear to have a statement that
directly refers to the tlstmServerCertNotFound notification.

-Andy Donati
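An added illustration, not text from the draft or from this message, of how the counters suggested in items 1 and 3 could be carried as notification bindings in SMIv2. It assumes the enclosing module's IMPORTS (Counter32, OBJECT-TYPE, NOTIFICATION-TYPE), a placeholder parent OID tlstmExampleMIB, and the object name tlstmServerCertNotFoundCount, none of which come from the page.

```asn1
-- Placeholder parent OIDs; the real arcs would come from the draft's MIB.
tlstmExampleMIB           OBJECT IDENTIFIER ::= { experimental 9999 }
tlstmExampleObjects       OBJECT IDENTIFIER ::= { tlstmExampleMIB 1 }
tlstmExampleNotifications OBJECT IDENTIFIER ::= { tlstmExampleMIB 0 }

-- Item 1: running count of invalid presented server certificates.
tlstmSessionInvalidServerCertificates OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of times a presented server certificate failed to
         meet the expected value.  Carried in tlstmServerAuthFailure
         so a manager sees the running total, not only the event."
    ::= { tlstmExampleObjects 1 }

-- Item 3: assumed scalar counting server-certificate-not-found events.
tlstmServerCertNotFoundCount OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of times no matching server certificate was found
         when establishing a session."
    ::= { tlstmExampleObjects 2 }

-- The counter becomes an additional binding of each notification.
tlstmServerAuthFailure NOTIFICATION-TYPE
    OBJECTS     { tlstmSessionInvalidServerCertificates }
    STATUS      current
    DESCRIPTION
        "The presented server certificate did not meet the expected
         value; the binding carries the current failure count."
    ::= { tlstmExampleNotifications 1 }

tlstmServerCertNotFound NOTIFICATION-TYPE
    OBJECTS     { tlstmServerCertNotFoundCount }
    STATUS      current
    DESCRIPTION
        "No server certificate could be found for the session; the
         binding carries the current count of such events."
    ::= { tlstmExampleNotifications 2 }
```

A manager correlating these counters across successive notifications can distinguish a one-off failure from a sustained stream of rejected certificates without polling the agent.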


Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.