
Re: ISMS working group and charter problems

2005-09-06 11:38:15

Daniel,

All solutions will use a different SSH port as part of the standard just
so that firewall administrators have the ability to block.

Eliot


Daniel Senie wrote:
At 02:00 PM 9/6/2005, Dave Crocker wrote:


Eliot,

I need your help to correct for an impending mistake by the ISMS
working group in the IETF.



Your note is clear and logical, and seems quite compelling.

Is there any chance of getting a proponent of the working group's
decision to post a defense?

(By the way, I am awestruck at the potential impact of changing SNMP
from UDP-based to TCP-based, given the extensive debates that took
place about this when SNMP was originally developed.  Has THIS
decision been subject to adequate external review, preferably
including a pass by the IAB?)


I agree the argument is well laid out, and would be interested in
hearing the thinking of ISMS in response.

I'm more than a bit concerned, however, when folks start talking about
solutions that will permit things to pass through firewalls without
configuration. Those in charge of firewalls are often purposely setting
policy. If there is a perceived need for a policy that prevents SNMP
traffic, then it should remain possible for the administrator of that
network element to make that call. I must say I have some concern with
overlaying SNMP on SSH, since that precludes the firewall knowing
whether the traffic is general SSH keyboard traffic or network management.

Let's hear more about the thinking involved.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf