Juergen,

On Tue, Sep 16, 2014 at 11:40:07AM +0200, Juergen Schoenwaelder wrote:
> Thanks Jeff for putting this together. Concerning section 2.1.1, I am
> not sure I agree with:
>
> The SSH transport does not mandate authentication be done; it is an
> optional feature.
>
> RFC 6242 says:

And that was one of the details I missed. As I've been doing my protocol homework, I missed the existence of this RFC.

[...]

> I also think that NC over TLS requires that both sides authenticate
> and verify the certificates. I think as far as NETCONF is concerned,
> all transports do actually mutual authentication.
>
> Perhaps there is confusion here with RESTCONF where the current
> wording may be read as authentication is optional. But then, this
> is not past the IESG yet. ;-)

So, two obvious options for the document I wrote:

- Presume restconf will address this, leave it in the requirements until it does.
- Consider it pure noise, remove.

But I think the major concern has been addressed. Thanks!

(And in fairness to Kent, he did think it was covered as well, but we hadn't gotten to the level of RFC citations in our discussion prior to publishing this draft.)

-- Jeff

_______________________________________________
i2rs mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2rs
