IETF-SSH archive


draft-kwatsen-reverse-ssh submission for review



Since the SECSH working group has concluded, the Security Area Directors, Sean and Stephen, recommended posting an announcement regarding this individual submission to the SAAG and IETF-SSH mailing lists.  


   http://tools.ietf.org/html/draft-kwatsen-reverse-ssh-00

   Abstract

      This memo presents a technique for a SSH (Secure Shell) server to
      initiate the underlying TCP connection to the SSH client.  This role
      reversal is necessary in cases where the SSH client would otherwise
      be unable to initiate an SSH connection to the SSH server, such as a
      device "calling home" on its first boot.


I come from the NETCONF and NETMOD working groups, and this submission has been developed primarily to support NETCONF, though it's applicable to any SSH-based protocol and actually has little to do with NETCONF at all, which is why it is brought here for your consideration.

FWIW, Juniper has implemented a variant of this proposal, called "outbound-ssh", on almost all its platforms for nearly 5 years now.  The solution presented in this I-D, being fully transparent to the SSH protocol, has been shown to be easy to implement across various operating systems and programming languages.


PS: I just subscribed to both the SAAG and IETF-SSH lists - cheers!

Thanks,
Kent

--
Kent Watsen
JSBU/DBU Architect
Juniper Networks




