Re: [Isms] tm table was Re: pre-08 for TSM document

To: "tom.petch" <cfinss at dial.pipex.com>
Subject: Re: [Isms] tm table was Re: pre-08 for TSM document
From: Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de>
Date: Fri, 27 Jun 2008 14:01:57 +0200
Cc: isms at ietf.org
Delivered-to: ietfarch-isms-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
In-reply-to: <008f01c8d843$954821c0$0601a8c0@allison>
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
Mail-followup-to: "tom.petch" <cfinss at dial.pipex.com>, David Harrington <ietfdbh at comcast.net>, isms at ietf.org
References: <00d201c8d1f9$06f328c0$3bf780de@china.huawei.com> <00e201c8d201$b5e9ae50$3bf780de@china.huawei.com> <007f01c8d5d1$01b0bc20$0601a8c0@allison> <20080627071220.GA2713@elstar.local> <008f01c8d843$954821c0$0601a8c0@allison>
Reply-to: j.schoenwaelder at jacobs-university.de
Sender: isms-bounces at ietf.org
User-agent: Mutt/1.5.18 (2008-05-17)

On Fri, Jun 27, 2008 at 12:49:25PM +0200, tom.petch wrote:
 
> On an incoming call, the SSHTM will know transport addresses, ports
> and type, SSH user name, SSH host name and will have an SSH session
> identifier; I assume that this will be stored in an internal SSHTM
> table(or cache).  When a message subsequently arrives over that
> session, SSHTM cannot know the securityLevel or securityName (as
> generated by the message originator), the former is buried in the
> ASN.1, the latter is the province of the SM not the TM.

The TM caches the authenticated identity and passes this on via the
tmStateReference. The SM picks up the value, it knows which TM has
passed the tmStateReference, and it knows the actual security level
and can check them.
 
> So on an outgoing message at some later time, it cannot match the
> 4-tuple of transportDomain and transportAddress, securityName and
> securityLevel that is used elsewhere in the stack to identify the
> session to be used for a message.  I thought that snmpTsmLCDTable
> would provide an answer but I don't see it.

Why not? What do you think is missing?

> (The SSHTM I-D says
> "     1) Determine the target index by extracting the transportDomain,
>       transportAddress, securityName, and securityLevel from the
>       tmStateReference.
>       2) Lookup the session in the Local Configuration Datastore using
>       the target index " )

I do not yet see why it won't work. Please explain.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

References:
- [Isms] pre-08 for TSM document
  - From: David Harrington
- Re: [Isms] pre-08 for TSM document
  - From: David Harrington
- Re: [Isms] pre-08 for TSM document
  - From: tom.petch
- Re: [Isms] pre-08 for TSM document
  - From: Juergen Schoenwaelder
- [Isms] tm table was Re: pre-08 for TSM document
  - From: tom.petch

Prev by Date: [Isms] tm table was Re: pre-08 for TSM document
Next by Date: Re: [Isms] pre-08 for TSM document
Previous by thread: [Isms] tm table was Re: pre-08 for TSM document
Next by thread: Re: [Isms] tm table was Re: pre-08 for TSM document
Index(es):
- Date
- Thread

Re: [Isms] tm table was Re: pre-08 for TSM document

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.