Hi Pekka,
Pekka Savola wrote:
Are you saying some of the following:
1) ISMS specs should specify that the monitored hosts can/should
certainly keep open a TCP session so the network management (in both
ways) can happen over that session. (This seems pretty trivial..)
2) We should specify how network management hosts could reside behind a
firewalls which block the management ports (I don't think this is needed
or should be done).
Depending on what you mean by "network management hosts" it could be (1)
or (2) ;-) I'm saying if there is a device that wishes to to be managed
through a firewall, allow it to open a connection on a specified port
(just so that firewalls can block it). Remember, your laptop does this
today with HTTP on port 80 or HTTPS on port 443 (worse because you can't
even inspect).
Eliot
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf