
My minutes from Minneapolis meeting



Last group to send minutes in Orlando, but maybe the first in Minneapolis ?
:-)

Here are just my minutes from the Minneapolis GRIP WG meeting. Maybe to be
completed.

  GRIP WG meeting - Minneapolis
  Tristan Debeaupuis
  15th, March 1999

  1.  Agenda
  ----------

  15:30-15:40     Review Agenda
  15:40-16:00     Review Expectations for ISP-ISP Security Coordination
  16:00-16:20     Review Consumer Checklist for ISPs
  16:20-16:40     Site Security Handbook Addendum for ISPs
  16:40-17:00     Review Security Expectations for Product Vendors
  17:00-17:15     Open Discussion; Document Authors
  17:15-17:30     Next Steps

  After discussion, the new agenda is :

  Modified :
  15:30-15:40     Review Agenda
  16:00-16:20     Review Consumer Checklist for ISPs
  15:40-16:00     Review Expectations for ISP-ISP Security Coordination
  16:40-17:00     Review Security Expectations for Product Vendors
  17:00-17:15     Open Discussion; Document Authors
  17:15-17:30     Next Steps

  17 people are attending this meeting.

  2.  Review Consumer Checklist for ISPs
  --------------------------------------

  Tony Hansen (ATT) presents alternatives for the ISPs and Security
  Incident Response Teams chapters look-and-feel.

  The main idea in Orlando was to create a list of questions.

  There is a consensus that we need an appendix with the list of all
  questions.  This list will be created just before submitting to the
  IESG.  The Appendix will not be maintained separately from the core
  document.

  The presentation will be :

  ·  questions for this paragraph,

  ·  explanations following.

  Comments on the document :

  ·  About the title : The title "Security Expectations for Internet
     Service Provider Consumers" has to be modified for "Security
     Checklist for Internet Service Provider Consumers".

     The abstract has also to reflect this change.

     Other remarks about the document :

  ·  Section 2.1 : discussions about the use of "incident handling",

  ·  Section 2.2 : "Assistance with inbound security incident" incident
     targeting consumers : the procedure for informing about incident
     has to be modified.  The Section 2.2 will be response to attack,
     What help will you get from ISP ?  What are you going to be told if
     someone attacks you ?

  ·  Section 2.3 : this becomes "What sort of security information the
     ISP will be made available to you ?"

  ·  Section 2.4 : comments on the list have to be integrated.

  ·  Section 2.5 : give some examples of "secure channels". Secure Web,
     Secure Email, telephone, fax, ...

  ·  Section 3 : What is a security policy ?

  ·  Section 3.2 : The first sentence has to be rewritten.

  ·  Section 3.4 : Are the policies public and where are they published ?

  ·  Section 4 : not appropriate for this document.

  ·  Section 5 and 6 : discussion delayed in the mailing list.


  3.  Review Consumer Checklist for ISPs
  --------------------------------------


  ·  Section 2.1 : comments in the mailing list have to be integrated,

  ·  Section 2.3 : this section has to be synchronised with the previous
     document (Security Checklist for Internet Service Provider
     Consumers), especially the last sentence.

  ·  Section 2.4 and 2.5 should be removed from this document. How does
     ISP deal with security incident that involved them ?

  ·  Section 2.3 : if you discover a vulnerability, you should act so
     that the right people know about it.

  ·  Section 2.5 : Contacts

  ·  Section 3 : AUP, same comment on 3.2 about English. "Announcing to
     the community ..."

  ·  Section 4 : a reference to the site security handbook RFC to be
     added,

  ·  Section 4.1, 4.2 : some duplications to be removed.

  ·  Section 4.1 : ISP should 'SWIP' or equivalent.

  ·  Section 4.2 : A transition sentence explaining that the advice
     given is not going to prevent bogus announcement is needed.

  ·  Section 4.3 and 4.4 are already in RFC 2265, so have to be removed.

  ·  Section 4.6 : there is a proposal to change default way to accept
     directed broadcast to the opposite. Must add the reference to
     "Changing the Default for Directed Broadcasts in Routers", D.
     Senie, 02/22/1999, draft-senie-directed-broadcast-02.txt

  ·  Section 5 : to be removed from this document. Will go to an SSH
     addendum.


  4.  Site Security Handbook Addendum for ISPs
  --------------------------------------------

  Goal, to finish current documents in Oslo.  New drafts "SSH addendum
  for ISP", Tristan will be the editor.
-- 
Tristan.Debeaupuis@hsc.fr -=- Herve Schauer Consultants -=- TD1678