[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Security Expectations for Internet Service Provider Consumers"



Hi Tony,

My expectation was that this document would quite literally be a
checklist of questions.

e.g.,

    Do you have an AUP ?
    What sanctions are enforced for breach of the AUP ?
    Do you have a CSIRT ?
    Do you notify affected customers of security incidents ?
    Do you have a mechanism for sending/receiving encrypted e-mail ?
    Do you have any hosts on transit networks ?
    Do you do ingress filtering ?
    Do you do egress filtering ?
    Do you permit open mail relaying ?
    etc.

A later section might then explain the relevance of each question, and
might even indicate what an acceptable answer would be.

Tom (who is no longer @verio.net).

>Tony Hansen wrote:
>> 
>> As promised, I just submitted "Security Expectations for Internet
>> Service Provider Consumers", draft-ietf-grip-user-00.txt, to the
>> internet drafts repository. I'd expect it to arrive everywhere shortly.
>
>The draft is also available at
>
>	http://home.att.net/~tony-hansen/draft-ietf-grip-user-00.txt
>
>Note: I used considerable amounts of text from
>draft-ietf-grip-isp-05.txt as the basis for this draft. I'll be working
>in folding in the isp-06/7 changes.
>
>	Tony Hansen
>	tony@att.com
--