Re: ISMS working group and charter problems

In message <431DD3BD.9090108@xxxxxxxxx>, Eliot Lear writes:
>
>More and more voice over ip (VoIP) has gained acceptance in the market
>place.  However, the ability to debug end points real time is limited.
>Wouldn't it be nice for a manager to query a phone to determine how
>many data packets it thinks it has sent to a far end and then follow
>that stream to determine who is dropping?  In order to accomplish this
>task, the manager has to have access to a phone which, if remote, may
>well be sitting behind a firewall such as the one you have at home.

Eliot, I have very grave reservations about this.  Quite frankly, I 
don't think that arbitrary management stations should have any right 
whatsoever to connect to my devices.

I agree that the functionality you suggest is useful.  The trick is to 
permit that without permitting misbehavior.  (I'll note here that the 
interests of vendors and the interests of users are not identical.  
More and more, vendors like subscription-based models, where users keep 
on paying, to give just one example.)  This requires not just a 
view-based access control model -- where the view might be "MIB 
variables for this call only" -- but an express intent by the user to 
permit the access for that particular call.  This demands a different 
notion of "view" than has been traditional; it also implies a user 
interface issue and -- given the existence of firewalls -- a multi-
party protocol:  my endpoint, your endpoint, my management proxy (which 
is accessible through the firewall), your management proxy, and the 
vendor's diagnostic station.  I'd be hard-pressed to see this as within 
scope for ISMS.  It may, however, be a very nice subject for a separate 
working group.

>Furthermore, if the phone wants to send a notification to a manager, it
>too is likely to reside behind a firewall.

Not if the site is properly managed.  The manager's port should be 
exposed to the outside.  Just as web servers have to permit inbound 
port 80 and mail servers have to permit inbound port 25, a management 
station has to accept its own traffic.  A firewall can, at best, 
protect the other ports on the machine -- but those should be turned 
off anyway.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
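The access model argued for above (no standing access for any manager; a view that exists only for one call, only for the station the user explicitly allowed, and only while the call lasts) sketched as an added Python example that is not part of the original thread. The OID prefix, manager names and call ids are constructed placeholders, not a registered MIB.

```python
from dataclasses import dataclass, field
from typing import Optional
import time

# Constructed OID prefix for per-call RTP counters; not a registered MIB.
CALL_STATS_PREFIX = "1.3.6.1.4.1.99999.1.call"


def call_oid(call_id: str, leaf: str) -> str:
    """OID of one counter (e.g. 'packetsSent') belonging to one call."""
    return f"{CALL_STATS_PREFIX}.{call_id}.{leaf}"


@dataclass
class CallGrant:
    manager: str        # station the user explicitly allowed
    expires_at: float   # the view is tied to the call, so it must also expire


@dataclass
class EndpointPolicy:
    """Access control on the phone: no manager has standing access;
    a view exists only for a call the user has consented to."""
    grants: dict = field(default_factory=dict)   # call_id -> CallGrant

    def grant(self, user_confirmed: bool, call_id: str, manager: str,
              ttl: float, now: Optional[float] = None) -> bool:
        # Express user intent is required; a bare request from a manager is refused.
        if not user_confirmed:
            return False
        now = time.time() if now is None else now
        self.grants[call_id] = CallGrant(manager, now + ttl)
        return True

    def revoke(self, call_id: str) -> None:
        """Called when the call ends or the user withdraws consent."""
        self.grants.pop(call_id, None)

    def authorize_get(self, manager: str, oid: str,
                      now: Optional[float] = None) -> bool:
        """True only if `oid` lies inside a live, user-granted view for `manager`."""
        now = time.time() if now is None else now
        for call_id, g in list(self.grants.items()):
            if g.expires_at <= now:
                del self.grants[call_id]          # stale view: drop it
                continue
            # Prefix check includes the trailing '.', so call "1" cannot match "12".
            if g.manager == manager and oid.startswith(call_oid(call_id, "")):
                return True
        return False   # anything outside the call's view, including system OIDs, is denied
```

The same check would sit in the management proxy on the user's side of the firewall, which is the only component the remote diagnostic station ever talks to.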



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
