Re: [Netconf] notification access control

To: "NETCONF" <netconf at ietf.org>
Subject: Re: [Netconf] notification access control
From: "Randy Presuhn" <randy_presuhn at mindspring.com>
Date: Thu, 18 Jun 2009 10:00:15 -0700
Delivered-to: netconf at core3.amsl.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=mindspring.com; b=tcSZFeqjcD30QL6NXaUsolyhEdENx8oA4ZvsiiITi7AAdLLPRYLPMAsSWPnJnQmZ; h=Received:Message-ID:From:To:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP;
List-archive: <http://www.ietf.org/mail-archive/web/netconf>
List-help: <mailto:netconf-request@ietf.org?subject=help>
List-id: Network Configuration WG mailing list <netconf.ietf.org>
List-post: <mailto:netconf@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
References: <200906171944.n5HJiBBo056500 at idle.juniper.net> <4A394F71.4090500 at netconfcentral.com> <001201c9ef9c$832a64a0$6801a8c0 at oemcomputer> <4A397C90.1050801 at netconfcentral.com> <000c01c9efaa$f6489340$6801a8c0 at oemcomputer> <4A398AAE.5000300 at netconfcentral.com> <000401c9efb0$9eb7d4a0$6801a8c0 at oemcomputer> <4A399C99.8060709 at netconfcentral.com> <000601c9efbf$53822580$6801a8c0 at oemcomputer> <4A39ADF9.4060006 at netconfcentral.com> <000401c9efc8$9dbbd480$6801a8c0 at oemcomputer> <4A3A2C5F.9030003 at netconfcentral.com>

Hi -

> From: "Andy Bierman" <andy at netconfcentral.com>
> To: "Randy Presuhn" <randy_presuhn at mindspring.com>
> Cc: "NETCONF" <netconf at ietf.org>
> Sent: Thursday, June 18, 2009 5:00 AM
> Subject: Re: [Netconf] notification access control
...
> Depending on the environment, the operator can configure
> the ACM to do the right thing.

The point is this: configuring the ACM to "do the right thing"
would mean that notification payload redaction would not
happen, because the cases where redaction would occur
should have been precluded by access control to begin with.
Or is the idea that payload redaction would function
as a kind of "harm reduction" in cases where the security
administrator didn't set up notification access control correctly?

Randy

Follow-Ups:
- Re: [Netconf] notification access control
  - From: Andy Bierman

References:
- Re: [Netconf] notification access control
  - From: Phil Shafer
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman

Prev by Date: Re: [Netconf] notification access control
Next by Date: Re: [Netconf] notification access control
Previous by thread: Re: [Netconf] notification access control
Next by thread: Re: [Netconf] notification access control
Index(es):
- Date
- Thread

Re: [Netconf] notification access control

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.