"Eliot" == Eliot Lear <lear(_at_)cisco(_dot_)com> writes:
Eliot> Obviously what you're suggesting isn't hard to do, and I
Eliot> agree with you that in many cases use of port 22 would be
Eliot> safe (and it would certainly be true for the VAST majority
Eliot> of cases when connecting to network infrastructure).
Eliot> However, once we decide to cover the other cases where we
Eliot> are trying to give firewall administrators some leeway, I'm
Eliot> not sure there's an added advantage to adding text along
Eliot> the lines of "well, sometimes you can use port 22." For
Eliot> one it makes the tool building HARDER if the other port
Eliot> isn't LISTENED to as well, because your canned tools would
Eliot> end up playing guessing games or requiring extra
Eliot> configuration. And for our purposes I think I know of one
Eliot> SSH implementation on a general computing device that
Eliot> hardcodes the port to 22 and that implementation also
Eliot> doesn't have means to support additional applications.

I think the only reason you might want to make the change is so that:

* People authorized to use the CLI in environments that have not gotten around
  to opening up the netconf port can use netconf
* People who have tunnel setups to get to ssh can also get to netconf.

However, as I said, I'm not actually asking for the change, just asking
people to think about it. I think that it is even more critical to
think about it for isms than for netconf simply because we're at an
earlier stage with isms.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf