> I see that there is a lot of work around SSH connection 
> protocol and its potential use in new protocols. I have not 
> followed these developments. There must have been a good 
> reason for it. I would like to understand why people object 
> to SSL, which is a well established technology. Any pointers?

I agree that SSL is widely deployed, especially for e-commerce. Nobody
has objected to SSL. In many ways, the ISMS decision was 6-of-one,
half-dozen of the other - so ISMS picked the one that Netconf had
chosen. ISMS chose SSH to work on first; there is nothing that
precludes also developing a transport mapping security model for SSL,
except the desire to limit standards options to improve
interoperability, and volunteer manpower.

The ISMS and Netconf WGs chose SSH because it is widely used by
operators to perform management tasks, there was a Netconf draft that
could be adapted for ISMS usage, and having "balanced" security across
management interfaces makes sense. If CLI, Netconf, and SNMP run over
SSH, and syslog runs over SSL, that may make it harder to ensure that
the security characteristics of the four management interfaces are
equivalent.

Netconf wants to add notifications, and I believe they are considering
trying to use syslog as their notification approach. That might be
easier if syslog worked over the same secure transport as Netconf.

David Harrington
[EMAIL PROTECTED]




_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
