[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Security Expectations for Internet Service Provider Consumers"
- To: Tony Hansen <tony@att.com>
- Subject: Re: "Security Expectations for Internet Service Provider Consumers"
- From: Tom Killalea <tomk@neart.ie>
- Date: Sat, 30 Jan 99 17:12:05 -0800
- Cc: grip-wg@UU.NET
- Comment: grip-wg mailing list add/drop requests to Majordomo@TransSys.COM
- In-reply-to: Your message of Sat, 23 Jan 99 18:07:51 -0500. <36AA5647.31BA0A82@att.com>
Hi Tony,
My expectation was that this document would quite literally be a
checklist of questions.
e.g.,
Do you have an AUP ?
What sanctions are enforced for breach of the AUP ?
Do you have a CSIRT ?
Do you notify affected customers of security incidents ?
Do you have a mechanism for sending/receiving encrypted e-mail ?
Do you have any hosts on transit networks ?
Do you do ingress filtering ?
Do you do egress filtering ?
Do you permit open mail relaying ?
etc.
A later section might then explain the relevance of each question, and
might even indicate what an acceptable answer would be.
Tom (who is no longer @verio.net).
>Tony Hansen wrote:
>>
>> As promised, I just submitted "Security Expectations for Internet
>> Service Provider Consumers", draft-ietf-grip-user-00.txt, to the
>> internet drafts repository. I'd expect it to arrive everywhere shortly.
>
>The draft is also available at
>
> http://home.att.net/~tony-hansen/draft-ietf-grip-user-00.txt
>
>Note: I used considerable amounts of text from
>draft-ietf-grip-isp-05.txt as the basis for this draft. I'll be working
>in folding in the isp-06/7 changes.
>
> Tony Hansen
> tony@att.com
--