[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-ietf-grip-isp-expectations-04.txt



At 10:40 AM 08/15/2000 -0700, Tom Killalea wrote:
>ISSUE 1: Open Mail Relay
>
>Jeffrey I. Schiller wrote:
>
> >Bill Woodcock wrote:
> >
> >> I'd rather see the definition of "open relay" made less
> >> technology-specific, but the injunction left in place.
> >
> >The real problem is with the definition of "open relay." I agree that we
> >need to discourage the scourge that is spam. However many of the anti-spam
> >vigilantes use an overly simple definition of "open relay" which precludes
> >systems that are more open then their definition. I would rather the IETF
> >not preclude such systems.
> >
> >                -Jeff
>
>I don't think it's possible to come up with an acceptable "less
>technology-specific" definition of "open relay", and I agree with Jeff's
>concerns, and so would like to drop the definition altogether.
>
>To do so I'd like to
>
>   1) drop the first sentence of section 5.3, and
>   2) change the second sentence from "Such open relays" to "Open relays"


I agree with this.

>________________________________________________________________________
>ISSUE 2: Appropriate Use Policy
>
>Jeffrey I. Schiller wrote:
>
> >>3 Appropriate Use Policy
> >
> >I would remove this entire section. It is completely about policy and
> >not technical standards. Furthermore the policy it promulgates is a
> >very simple and limited view. It doesn't recognize the notion that an
> >AUP may be subject to negotiation between ISP and customer. For
> >example how do you publicize a policy if some customers have
> >negotiated exemptions or special provisions.
>
>The intent is to state the desirability of an AUP (without getting
>into specifics of what should go in it) and proceed then with an
>explanation of what an AUP is - this is basically lifted straight from
>section 2.1.2 of rfc2196 ("Site Security Handbook").  The example is
>changed to make it more relevant to the audience at hand.  I think the
>section should be retained, and I like that it echoes rfc2196.  I'm open
>to persuasion.


I agree. As Jeff mentioned in the meeting, it may be that the customer 
negotiates with the isp regarding the content of the AUP, and that's just 
fine. I wouldn't be in favor of dropping the whole issue of recommending AUPs.

>________________________________________________________________________
>ISSUE 3: BGP Authentication
>
>I agree with the IESG suggestion to capitalise SHOULD, thus we get
>
>  BGP authentication [RFC2385] SHOULD be used with routing peers.

Fine.

Barb