Re: [Isms] ISMS charter broken- onus should be on WG to fix it
Eliot> Wes received the obvious feedback that operators find SNMP unusable with the USM model because they cannot integrate it with their existing security infrastructures and there is no denying that this is a real problem. But this is NOT the only problem operators face with SNMP.

FYI, there was an "other comments" field in the survey that the operators filled out. I just went back and reviewed everything entered into that space and no one asked for anything like the CH functionality, nor did they even mention NATs or firewalls at all.

That being said, that wasn't the point of the survey and I do think the problem shouldn't be forgotten. I think we'd be stupid to let the work go forward and do something that deliberately prevented CH functionality from being usable in the ISMS/SSH draft. However, everything needs to be weighed and I do think we should make sure it's possible till we run into a problem. At that time we'd have to evaluate the choices to decide which was more important (the potential problem being unknown at this time of course).

I'm not sure the charter needs to explicitly state that we must consider call home support. It sounds like there is enough energy to make sure we don't blow it. I would strongly object to anything that says we must support it, because as has been stated many times that's not the point of the WG. At the same time, I think we'd be idiots not to at the very least leave room for it (but then, I think we're not being wise for dropping the consideration of a UDP solution too, so...)

--
Wes Hardaker
Sparta, Inc.

___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Fw: IETF Tools
Fred Baker posted the following note to v6ops, and other versions may be floating around other mailing lists, but I wanted to follow up to a wider distribution.

- The IETF tools site IS continuing to add really cool functionality (as detailed by Bert/Fred below), but I haven't seen anything broadly distributed about one of the most helpful additions.
- If you go to http://tools.ietf.org/wg/ and select a specific working group, you get the working group drafts that you can get from other places, but you ALSO get Related Documents, which is basically any non-working group Internet Drafts that have -(working group name)- as a component in the filename.
- So, if you select http://tools.ietf.org/wg/v6ops/, you don't just get the WG drafts, you also get a list of documents with titles like draft-baker-v6ops-end2end-00.txt - not a working group draft, but of interest.
- This makes scraping all of the drafts that will be discussed in a face-to-face meeting a LOT easier than cut-and-pasting draft names from a text agenda (of course, the tools page also provides HTML-ized agendas, if the text agendas included actual draft names - see http://tools.ietf.org/wg/v6ops/agenda for an example).
- The definition of related means includes -(working group name)- in the filename, so if Fred had named his draft draft-baker-hamster-end2end-00.txt, it would not have appeared as a related document, unless we end up with a working group called hamster (Host-Agile Multihomed Streaming Terrabit Error Reporting would be an awesome BoF name, though).
- So, there's a real incentive to include working group names in your draft filename, if the draft actually targets a specific working group...

Thanks again to the Tools Group, for continuing to hack away at stuff like this.

Spencer

From: Fred Baker [EMAIL PROTECTED]
To: v6ops@ops.ietf.org
Sent: Tuesday, September 13, 2005 12:58 PM
Subject: IETF Tools

Forwarded from Bert Wijnen, with some slight hacking for relevance...

Goto http://tools.ietf.org

If you want to see nits or diffs for any I-D in your WG, you can find them on the IETF Tools Page too!

If you go to WG status pages, you get to: http://tools.ietf.org/wg/

From there you can go to your (or any) WG. See for example: http://tools.ietf.org/wg/v6ops/

You can click on dependencies and get to: http://rtg.ietf.org/~fenner/ietf/deps/viz/v6ops.pdf

Or you can click on document draft-ietf-v6ops-bb-deployment-scenarios and you get to: http://tools.ietf.org/wg/v6ops/draft-ietf-v6ops-bb-deployment-scenarios/

from there you can see the file itself, any nits (ID-checklist) that were found, the diff between all the versions etc.

Very useful information for authors, WG chairs, WG reviewers actually for everyone! Not sure everyone is really aware of it.
Re: The IETF has difficulty solving complex problems or alternatively Why IMS is a big fat ugly incomprehensiable protocol
On 14:32 13/09/2005, Pekka Nikander said:

> OTOH, maybe I am just a dreamer and totally off the ground here?

No, you are not! However the problem with a vision is to know where the border is between dreams and real future. This is why I prefer a more prosaic model which gives a simple image everyone can easily understand in the same way.

For example, everyone - knowing the e2e principles can escalate it to a b2b concept of brain to brain interintelligibility when it comes to human languages (inter-brains protocols). And understand very simply why internationalisation is e2e and multilingualisation is b2b. Two different layers.

For example, everyone - knowing the e2e principles can enlarge their mono vision to a 'n.(e2e)' multi vision:

- where e2e principles are respected in multiple parallel [split, into simpler - as per RFC 1958] relations,
- where link ends are welded together and the edges (OPES) to provide real final added value: not on the wire [as an impossible e2e added value ] but as an added e2e's value.

And understand that an OPESed SMTP does not need to read an e2e mail when a parallel e2e link told it the mail did not originate from the other end it claims.

Another way to be sure you are not a dreamer is to look if your idea worked in the preceding public international network deployments (Tymnet, OSI). Obviously you have to translate it in/from IETF words ... and be opposed many this is not an Internet way

Another way to discriminate between dreams and reality: if you are really alone of your opinion, you are right. Because it is not possible the words counts so many wise people. This is the 80/20 rule. As long as the true majority is less than 80 the situation is stable. Over that the minority is probably the coming revolution. This is the difficulty in reaching a consensus. If 100% more or less the noise(rough consensus): we all agree, right or wrong. A 5 to 20% opposition is probably right.

The big difficulty is to discriminate between noise and less than 5%. We are back to your question

jfc

PS. Here is a quote of a mail to a WG-Chair who prefers to stick to his charter and see his WG die, instead of working on its revamp based on the WG's acquired experience. Conflict between requested engineering and lack of IAB exciting architectural proposition.

This is why I have decided to proceed in parallel, using IETF Drafts so information will continue to flow. May be will this increase the ad-hominems as the economics will also increase. But at least we will go ahead. The architectural error is democracy. I never asked my phone or my computer to be democratic: I ask them to work. Research is not democratic. The error is the IETF consensus: the consensus was OK in the early days when everyone was standardiser, experimenter and user. Now when seven employees of the members of a commercial consortium represent a consensus for a BCP against (RFC 3863 included) the users, the only solution for the users is to renew with the old system and to specify, test and use by themselves. The problem is that users are disorganised, so they will develop in parallel, and we will have balkanisation. Too bad.
Re: Fw: IETF Tools
As Spencer says, if you haven't looked recently, you really should.

Let me just give a big Thanks to Henrik and the tools team for the work that has gone into tools.ietf.org. It is an incredibly useful resource. That is the first place I go when I want to see what the status of something is in a WG. There is a wealth of detailed information presented in a very nice format.

Enough said.

Thomas
Re: [Isms] ISMS charter broken- onus should be on WG to fix it
Ned Freed wrote:

> If I were to object to Eliot's proposal (I don't - in fact I strongly support it), it would be on the grounds that the IETF should be taking a long hard look at the issues surrounding call home in general, not just in the special case of SNMP.

I'll bite: what could the IETF do if it looked long and hard?

Mike
Re: Fw: IETF Tools
This is a great tool and I am (was) thinking that this would help identify contributions to WG1 that may be related to WG2 by listing both the names in the title. For instance, the MSEC WG has some IPSEC related documents. For example, http://tools.ietf.org/wg/msec/draft-ietf-msec-ipsec-signatures. But for some reason that I-D does not show up in the IPSEC page of the tools pages. Perhaps it is a bug or perhaps that is so because IPSEC is closed.

Anyway, I am hoping we can use this to facilitate cross-wg (or cross-area) review.

thanks and regards,
Lakshminath

At 07:13 AM 9/14/2005, Spencer Dawkins wrote:

> Fred Baker posted the following note to v6ops, and other versions may be floating around other mailing lists, but I wanted to follow up to a wider distribution.
>
> - The IETF tools site IS continuing to add really cool functionality (as detailed by Bert/Fred below), but I haven't seen anything broadly distributed about one of the most helpful additions.
> - If you go to http://tools.ietf.org/wg/ and select a specific working group, you get the working group drafts that you can get from other places, but you ALSO get Related Documents, which is basically any non-working group Internet Drafts that have -(working group name)- as a component in the filename.
> - So, if you select http://tools.ietf.org/wg/v6ops/, you don't just get the WG drafts, you also get a list of documents with titles like draft-baker-v6ops-end2end-00.txt - not a working group draft, but of interest.
> - This makes scraping all of the drafts that will be discussed in a face-to-face meeting a LOT easier than cut-and-pasting draft names from a text agenda (of course, the tools page also provides HTML-ized agendas, if the text agendas included actual draft names - see http://tools.ietf.org/wg/v6ops/agenda for an example).
> - The definition of related means includes -(working group name)- in the filename, so if Fred had named his draft draft-baker-hamster-end2end-00.txt, it would not have appeared as a related document, unless we end up with a working group called hamster (Host-Agile Multihomed Streaming Terrabit Error Reporting would be an awesome BoF name, though).
> - So, there's a real incentive to include working group names in your draft filename, if the draft actually targets a specific working group...
>
> Thanks again to the Tools Group, for continuing to hack away at stuff like this.
>
> Spencer
>
> From: Fred Baker [EMAIL PROTECTED]
> To: v6ops@ops.ietf.org
> Sent: Tuesday, September 13, 2005 12:58 PM
> Subject: IETF Tools
>
> Forwarded from Bert Wijnen, with some slight hacking for relevance...
>
> Goto http://tools.ietf.org
>
> If you want to see nits or diffs for any I-D in your WG, you can find them on the IETF Tools Page too!
>
> If you go to WG status pages, you get to: http://tools.ietf.org/wg/
>
> From there you can go to your (or any) WG. See for example: http://tools.ietf.org/wg/v6ops/
>
> You can click on dependencies and get to: http://rtg.ietf.org/~fenner/ietf/deps/viz/v6ops.pdf
>
> Or you can click on document draft-ietf-v6ops-bb-deployment-scenarios and you get to: http://tools.ietf.org/wg/v6ops/draft-ietf-v6ops-bb-deployment-scenarios/
>
> from there you can see the file itself, any nits (ID-checklist) that were found, the diff between all the versions etc.
>
> Very useful information for authors, WG chairs, WG reviewers actually for everyone! Not sure everyone is really aware of it.
Re: The IETF has difficulty solving complex problems or alternatively Why IMS is a big fat ugly incomprehensiable protocol
On 13-sep-2005, at 14:32, Pekka Nikander wrote:

> So, as I state in my little web page, I think we really should work hard to create a new waist for the architecture. I, of course, have my own theory where the new waist should be and how it should be implemented,

Well, don't be shy: where can we absorb these insights?

(As far as I can tell the architecture that so many IETFers ignore is anything that doesn't cause too much visible breakage goes, against which resistance is exactly the right response.)
Re: Fw: IETF Tools
on 2005-09-14 22:20 Thomas Narten said the following:

> As Spencer says, if you haven't looked recently, you really should.
>
> Let me just give a big Thanks to Henrik and the tools team for the work that has gone into tools.ietf.org. It is an incredibly useful resource. That is the first place I go when I want to see what the status of something is in a WG. There is a wealth of detailed information presented in a very nice format.
>
> Enough said.

On behalf of the whole team, thanks to you all. I believe the driving force for us is to prototype and specify tools which make the work easier, leaving more time and energy available for the content and purpose of the IETF work rather than the mechanics.

There will continue to be incremental additions and refinements to the tools which are already on the site, so suggestions and contributions are very welcome. We're also working on new stuff which we hope you'll like :-)

Henrik
Re: Fw: IETF Tools
Hi Lakshminath,

on 2005-09-14 22:48 Lakshminath Dondeti said the following:

> This is a great tool and I am (was) thinking that this would help identify contributions to WG1 that may be related to WG2 by listing both the names in the title. For instance, the MSEC WG has some IPSEC related documents. For example, http://tools.ietf.org/wg/msec/draft-ietf-msec-ipsec-signatures. But for some reason that I-D does not show up in the IPSEC page of the tools pages. Perhaps it is a bug or perhaps that is so because IPSEC is closed.
>
> Anyway, I am hoping we can use this to facilitate cross-wg (or cross-area) review.

Ah! Good catch! :-)

For the 'related' drafts, I only considered non-wg drafts -- but the cross-wg drafts are obviously at least as relevant. I've fixed the code, and both sites should be updated within an hour.

Henrik
Re: Fw: IETF Tools
> I've fixed the code, and both sites should be updated within an hour.

... and this is the OTHER reason people should be looking at the IETF tools website - if you have feedback on what the tools do and how they can be improved, updates usually happen really quickly :-)

Spencer
Re: [Isms] ISMS charter broken- onus should be on WG to fix it
> Ned Freed wrote:
> > If I were to object to Eliot's proposal (I don't - in fact I strongly support it), it would be on the grounds that the IETF should be taking a long hard look at the issues surrounding call home in general, not just in the special case of SNMP.
>
> I'll bite: what could the IETF do if it looked long and hard?

Well, the one approach that immediately comes to mind is that the introduction of a third party might provide a means of getting timely information about software updates without sacrificing user privacy. Such a third party would act as a repository for update information provided by vendors. Applications would then call home to one of these repositories rather than directly to the vendor. Various anonymizing tricks could be employed to minimize information leakage even if the third party was compromised.

Mind you, this is all off the top of my head. This may not work for some reason I haven't considered, or there may be other, better approaches.

Ned
Re: Fw: IETF Tools
Henrik Levkowetz wrote:

> suggestions and contributions are very welcome

Minor nit, the output is still transitional using center, table layout, etc. That's fine from my POV with a legacy browser.

But the right column is often much shorter than the left column (= list of WGs). And the default vertical alignment is middle, forcing me to scroll down until I see the actual content of the right column.

As long as you're not yet religious about strict + CSS vs. transitional I'd like it if you'd copy the CSS hint...

    td { vertical-align: top; padding: 0 0 0 0; }

...to the one place where legacy browsers don't get it, i.e. s/td/td align=top/ below !-- Right Column --

As soon as you want strict this obscure td align=top would automatically vanish again, strict doesn't fly with table layout.

Bye, Frank
Re: Fw: IETF Tools
Excellent! Many thanks for this great tool. It is already in my firefox toolbar :-).

One curious side effect might be that everyone will now know if other WGs set out to make modifications to substitute your favorite protocol here; mine is IPsec, and might make life in the IETF more exciting, if it is not already exciting enough :-).

thanks again to the tools team,
Lakshminath

At 03:05 PM 9/14/2005, Henrik Levkowetz wrote:

> Hi Lakshminath,
>
> on 2005-09-14 22:48 Lakshminath Dondeti said the following:
> > This is a great tool and I am (was) thinking that this would help identify contributions to WG1 that may be related to WG2 by listing both the names in the title. For instance, the MSEC WG has some IPSEC related documents. For example, http://tools.ietf.org/wg/msec/draft-ietf-msec-ipsec-signatures. But for some reason that I-D does not show up in the IPSEC page of the tools pages. Perhaps it is a bug or perhaps that is so because IPSEC is closed.
> >
> > Anyway, I am hoping we can use this to facilitate cross-wg (or cross-area) review.
>
> Ah! Good catch! :-)
>
> For the 'related' drafts, I only considered non-wg drafts -- but the cross-wg drafts are obviously at least as relevant. I've fixed the code, and both sites should be updated within an hour.
>
> Henrik
Re: Fw: IETF Tools
Hi Frank,

on 2005-09-15 01:08 Frank Ellermann said the following:

> Henrik Levkowetz wrote:
> > suggestions and contributions are very welcome
>
> Minor nit, the output is still transitional using center, table layout, etc. That's fine from my POV with a legacy browser.
>
> But the right column is often much shorter than the left column (= list of WGs). And the default vertical alignment is middle, forcing me to scroll down until I see the actual content of the right column.
>
> As long as you're not yet religious about strict + CSS vs. transitional I'd like it if you'd copy the CSS hint...
>
>     td { vertical-align: top; padding: 0 0 0 0; }
>
> ...to the one place where legacy browsers don't get it, i.e. s/td/td align=top/ below !-- Right Column --

Hint taken :-) You can verify that I got it right on this page: http://www1.tools.ietf.org/wg/mip4/ - it should be in place for all WG pages within an hour.

> As soon as you want strict this obscure td align=top would automatically vanish again, strict doesn't fly with table layout.

... which is one reason I haven't gone to strict so far - I haven't found out how to work with that in such a manner that it doesn't make common, currently easy things harder...

Henrik
Re: [Isms] ISMS charter broken- onus should be on WG to fix it
Ned Freed wrote:

> > Ned Freed wrote:
> > > If I were to object to Eliot's proposal (I don't - in fact I strongly support it), it would be on the grounds that the IETF should be taking a long hard look at the issues surrounding call home in general, not just in the special case of SNMP.
> >
> > I'll bite: what could the IETF do if it looked long and hard?
>
> Well, the one approach that immediately comes to mind is that the introduction of a third party might provide a means of getting timely information about software updates without sacrificing user privacy. Such a third party would act as a repository for update information provided by vendors. Applications would then call home to one of these repositories rather than directly to the vendor. Various anonymizing tricks could be employed to minimize information leakage even if the third party was compromised.

You mean we could invent Bitorrent? :)

Mike, doesn't it strike others as odd that ietf is completely outside of the p2p bizness?
Re: WG Review: Recharter of Integrated Security Model for SNMP (isms)
On Wed, 7 Sep 2005, The IESG wrote:

> A modified charter has been submitted for the Integrated Security Model for SNMP (isms) working group in the Security Area of the IETF.
> ...
> In order to leverage the authentication information already accessible at managed devices, the new security model will use the SSH protocol for message protection, and RADIUS for AAA-provisioned user authentication and authorization. However, the integration of a transport mapping security model into the SNMPv3 architecture should be defined such that it is open to support potential alternative transport mappings to protocols such as BEEP and TLS.
>
> The new security model must not modify any other aspects of SNMPv3 protocol as defined in STD 62 (e.g., it must not create new PDU types).

If (as I have gathered from the discussion over the past few days) the last sentence quoted above means that it is out of scope for the working group to even consider solutions that allow agents and managers to work on either side of firewalls or NATs, then I think that the charter is drawn too narrowly and should be revised. Indeed, I think that it should be an explicit goal (if not a requirement) for the solution to work even when one of the parties (agent or manager) is unable to accept incoming TCP connections. That issue will have to be addressed eventually, and it is better for implementors to go through the churn once rather than twice.

Mike Heard

P.S. Note that I am using the words agent and manager in the traditional sense, i.e., to mean notification originator + command responder and notification receiver + command generator respectively.
BitTorrent (Was: Re: [Isms] ISMS charter broken- onus should be on WG to fix it)
At 5:32 PM -0700 9/14/05, Michael Thomas wrote:

> Ned Freed wrote:
> > Such a third party would act as a repository for update information provided by vendors. Applications would then call home to one of these repositories rather than directly to the vendor. Various anonymizing tricks could be employed to minimize information leakage even if the third party was compromised.
>
> You mean we could invent Bitorrent? :)

BitTorrent (note the spelling) does a lot of very nice things, but not those. For those interested, the BitTorrent protocol is described at http://www.bittorrent.com/protocol.html.

> Mike, doesn't it strike others as odd that ietf is completely outside of the p2p bizness?

In this case, there is no advantage to the developer of the protocol to have it worked on in the IETF, nor even published as an RFC. It came out of one person's head, he was able to experiment with it live on the net, and he retains the ability to tweak the specs whenever he feels like it. It has worked remarkably well, given the variety of clients and servers available for the protocol, and the huge amount of traffic that is moved daily over it.

--Paul Hoffman, who shares a lot of legal music and OSs with BitTorrent
Re: Fw: IETF Tools
Henrik Levkowetz wrote:

> verify that I got it right

Of course you did, but my stupid browser still doesn't get it, sigh... embarrassing, let's say IOU ten legacy browser tests whenever you need them.

Is there any better place than this list for cases of user hallucinates technical problem with an IETF server ? I like to limit the audience before I screw up.

Bye, Frank
Re: Fw: IETF Tools
On Wed, 14 Sep 2005, Henrik Levkowetz wrote:

> There will continue to be incremental additions and refinements to the tools which are already on the site, so suggestions and contributions are very welcome. We're also working on new stuff which we hope you'll like :-)

A suggestion: it might be a good idea to include a changelog of user-visible changes somewhere. That way, the folks might discover the fancy new features more easily..

--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
You each name yourselves king, yet the kingdom bleeds. -- George R.R. Martin: A Clash of Kings
Re: Fw: IETF Tools
Hi Pekka,

on 2005-09-15 07:00 Pekka Savola said the following:

> [...]
> A suggestion: it might be a good idea to include a changelog of user-visible changes somewhere. That way, the folks might discover the fancy new features more easily..

Yes - it's only a few days away... The gray version indication which has recently appeared in the top right corner will soon lead to a page which gives you release notes and links to source code, license, proposed features, bug-tracker and whatnot.

Henrik
Impending publication: draft-iab-link-indications-03.txt
The IAB is ready to ask the RFC-Editor to publish

Architectural Implications of Link Indications
draft-iab-link-indications-03.txt

as an Informational RFC. A link indication represents information provided by the link layer to higher layers regarding the state of the link. This document provides an overview of the role of link indications within the Internet Architecture, as well as considerations for their use, in order to preserve network robustness and performance.

The IAB solicits comments by October 11, 2005. Please send comments to the IAB (iab@iab.org), or to [EMAIL PROTECTED]

The document can be found at http://www.ietf.org/internet-drafts/draft-iab-link-indications-03.txt

From the Abstract:

This document describes the role of link indications within the Internet Architecture. While the judicious use of link indications can provide performance benefits, inappropriate use can degrade both robustness and performance. This document summarizes current proposals, describes the architectural issues and provides examples of appropriate and inappropriate uses of link layer indications.

Leslie Daigle,
For the IAB.

___ IETF-Announce mailing list IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce