Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi

Published byGyles Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi"— Presentation transcript:

1 Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi
84th IETF meeting NETCONF over WebSocket ( Tomoyuki Iijima, (Hitachi) Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi (Alaxala Networks) Hi, I’m Tomoyuki Iijima from Hitachi. I’m going to talk about the NETCONF over WebSocket.

2 Objective of this I-D To propose a way of sending NETCONF over WebSocket protocol. But, we do not intend to make this proposal as mandatory. First of all, this is the objective of this I-D. Objective of this I-D is to propose a way of sending NETCONF over WebSocket protocol. But, we do not intend to make this proposal as mandatory.

3 Changes since the last IETF meeting
As per comments received at the last IETF meeting, we’ve made following changes. Changed description about NETCONF username. We propose extracting information about NETCONF username from TLS. WebSocket needs TLS for ensuring security. Thus, using information in TLS is necessary in order to ensure that NETCONF user is the very person who is authenticated by TLS (certificate). We think, for this purpose, complying with Mr. Badra’s I- D is the best approach since reinventing the wheel is not welcomed. After the previous meeting, we’ve made following changes. First, we’ve added description about NETCONF username authentication. Specifically, we’ve proposed the use of Cookie for NETCONF username at the time of WebSocket opening handshake. And, we’ve added description that this proposal is not limited to browser-based NMS. If implemented as application-based NMS, this I-D can be used to manage large NW.

4 NETCONF username from TLS
I haven’t implemented all of the Mr. Badra’s algorithms yet . But I’ve confirmed that it’s possible for a NETCONF server supporting WebSocket to get TLS Certificate during TLS handshake by, for example, using HTTP server’s API, or seeing SSL_context through SSL_socket. NETCONF server example. public class NetconfWebSocketServlet extends WebSocketServlet{ @Override void doGet(HttpServletRequest req, HttpServletResponse res){ X509Certificate[ ] certificates = (X509Certificate[ ])req.getAttribute(“…X509Certificate”); // NETCONF server can see client’s TLS certificate sent during TLS handshake here. } public WebSocket doWebSocketConnect(HttpServletRequest req, String protocol){ // NETCONF server can see messages sent over WebSocket here. As I mentioned before, we propose the use of Cookie for NETCONF username. The advantage of Cookie is “ease of use.” To set Cookie field at NETCONF client, following API is used. And to get Cookie field at NETCONF server, there’re APIs provided by WebSocket server implementations. To realize this, “Cookie Name” of something like “netconf_username” should be defined. And “Cookie Value” should be set by NETCONF client as “foo,” for example. And, above data should be sent at the time of WebSocket opening handshake from NETCONF client. And above data should be used for NETCONF username authentication at NETCONF server.

5 NETCONF message NETCONF Client WS Client WS Server NETCONF Server
Load html file TLS handshake NETCONF username GET (HTTP server) Start WebSocket (API) GET upgrade: WebSocket protocol: NETCONF HTTP/ upgrade: WebSocket protocol: NETCONF WebSocket handshake <hello> The sequence of exchanging NETCONF messages becomes as follows. At the time of WebSocket handshake, name of subprotocol and NETCONF username have to be sent. When netconf username is authenticated, WebSocket connection is established. After WebSocket connection is established, NETCONF messages are exchanged. After NETCONF session is established by <hello> exchange and session ID allocation, NETCONF notifications are sent from NETCONF server. <hello> NETCONF messages on a single session <create-subscription> <notification>

6 Conclusions We proposed a way of sending NETCONF over WebSocket protocol. We proposed extracting NETCONF username from TLS, that is complying with Mr. Badra’s algorithms. Does WG have interests? If YES, should this I-D move forward as an Experimental I-D? In conclusion, we proposed a way of sending NETCONF over WebSocket protocol. And, we proposed a usage of Cookie for NETCONF username authentication. Does WG have interests? If YES, should this I-D move forward as an Experimental I-D? That’s it for our presentation.

Download ppt "Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi"

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
71 th IETF meeting Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-06) Tomoyuki Iijima, Yoshifumi Atarashi, Hiroyasu.

71 th IETF meeting Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-06) Tomoyuki Iijima, Yoshifumi Atarashi, Hiroyasu.
Java Server Pages (JSP)

Java Server Pages (JSP)
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
THE CASE FOR PREFETCHING AND PREVALIDATING TLS SERVER CERTIFICATES Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, Dan Boneh Presented by:

THE CASE FOR PREFETCHING AND PREVALIDATING TLS SERVER CERTIFICATES Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, Dan Boneh Presented by:
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.

Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.
18-Jun-15 JSP Java Server Pages Reference: Tutorial/Servlet-Tutorial-JSP.html.

18-Jun-15 JSP Java Server Pages Reference: Tutorial/Servlet-Tutorial-JSP.html.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.

Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) Web Service Description KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) Web Service Description KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
Application Layer Protocol Negotiation

Application Layer Protocol Negotiation
JSSE API University of Palestine Eng. Wisam Zaqoot April 2010.

JSSE API University of Palestine Eng. Wisam Zaqoot April 2010.
Java Server Pages B.Ramamurthy. Topics for Discussion 8/20/20152 Inheritance and Polymorphism Develop an example for inheritance and polymorphism JSP.

Java Server Pages B.Ramamurthy. Topics for Discussion 8/20/20152 Inheritance and Polymorphism Develop an example for inheritance and polymorphism JSP.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Similar presentations

Ads by Google