1 RFC 4247 Update Status draft-ietf-netconf-rfc4742bis-01.txt Margaret Wasserman IETF 78, Maastricht July 26, 2010.

Presentation transcript:

1 RFC 4247 Update Status draft-ietf-netconf-rfc4742bis-01.txt Margaret Wasserman IETF 78, Maastricht July 26, 2010

2 Status Document last updated in June 2010 Two issues raised: –Additional tuning needed for operation vs. command wording. Resolved on list, resolution confirmed on July 15, –SSH user name issues raised by Juergen Schoenwaelder. Not yet resolved.

3 SSH Username Issue RFC 4741bis has been updated to say: –The authentication process MUST result in an authenticated client identity whose permissions are known to the server. So, the NETCONF over SSH spec must state how the NETCONF application running on the SSH server can obtain a user name. However, there is no standard way for an application running on an SSH server to determine a user name for the current session.

4 Possible Solution #1 For each SSH authentication protocol, state whether the SSH user name is found in SSH_MSG_USERAUTH_REQUEST. If not, state how it should be found instead. Issues: violates abstraction, bypasses implementation-supported ways to get this information, some SSH servers modify the client-provided user name to get the actual local user name (e.g. mrw => lilac\mrw on Windows).

5 Possible Solution #2 RFC 5592 (the SSH model for SNMP) says in section 4.1.1, “How the SSH user name is extracted from the SSH layer is implementation-dependent.” Would it be acceptable to similarly state that the method to obtain a user name in NETCONF over SSH is implementation-dependent?
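
The trade-off between the two proposals, as an added example that is not part of the original slides or of any SSH implementation: it reads the user name field from an SSH_MSG_USERAUTH_REQUEST payload (layout per RFC 4252) and then shows that the identity access control should use comes from the server's own mapping, not the wire value. `local_identity`, `build_sample` and the sample payload are hypothetical names and constructed data.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number from RFC 4252


def _ssh_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of payload")
    return buf[off:off + n], off + n


def parse_userauth_request(payload):
    """Return (user, service, method) from an SSH_MSG_USERAUTH_REQUEST payload."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not SSH_MSG_USERAUTH_REQUEST")
    off = 1
    fields = []
    for _ in range(3):  # user name, service name, method name
        raw, off = _ssh_string(payload, off)
        fields.append(raw.decode("utf-8"))
    return tuple(fields)


def local_identity(wire_user, mapper):
    """Hypothetical hook: the SSH server's own mapping decides the identity
    that NETCONF access control sees, not the raw wire value."""
    return mapper(wire_user)


def build_sample(user, service="ssh-connection", method="none"):
    """Constructed sample payload (not captured traffic)."""
    out = bytes([SSH_MSG_USERAUTH_REQUEST])
    for s in (user, service, method):
        b = s.encode("utf-8")
        out += struct.pack(">I", len(b)) + b
    return out


if __name__ == "__main__":
    user, service, method = parse_userauth_request(build_sample("mrw"))
    # Constructed mapping mirroring the slide's Windows example.
    print(user, "->", local_identity(user, lambda u: "lilac\\" + u))
```
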