[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: netsec-reqs document: what is, where it is, what to call it.

To: ericb@digitaljunkyard.net
Subject: Re: netsec-reqs document: what is, where it is, what to call it.
From: gmj@pobox.com
Date: 19 Mar 2003 19:19:12 -0500
Cc: gmj@pobox.com, randy@psg.com, opsec@ops.ietf.org, morrowc@ops-netman.net, lamour@uu.net, mkrause@uu.net
In-reply-to: <gu9wuivdto2.fsf@rivendell.digitaljunkyard.net>
References: <m3y93bqic1.fsf@apire.port111.com><gu9wuivdto2.fsf@rivendell.digitaljunkyard.net>
Reply-to: gmj@pobox.com
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)

The previous reply was partial.  Apologies.

ericb@digitaljunkyard.net writes:

> This document comes from very base origins.

Enlightened self interest.
> 
> g> Why this matters?
> 
> g>      We have comments to integrate now.  We need to know
> g>      what sort of document is being produced to 
> g>      integrate them properly.
> 
> Personally, I think that the original mission of the document is as
> yet uncompleted.  It might be appropriate to split the document, it
> might not.  Whichever way you go, at least one document should come
> out of this where end users swap ideas for security enhancements, and
> then present them to the vendors with the power of collective
> bargaining.
> 
> This is a moving target. 

Right.  But there have to be versions of the document that are 
stable enough to reference.

> Bad things on the Internet evolve rapidly,
> old requests get implemented or supplanted.  You will never get
> multiple customers with different focuses (or even customers with
> similar focuses) to agree on a set of features, and certainly not a
> priority list for implementation of those features.  It may be that
> this should not really be a document, but that the existing document
> should be a foundation for a forum.  There, enhancements can be
> suggested, discussed, refined, and prioritized.  Different customers
> can sign up for different enhancements, and then vendors can check in
> and make informed decisions on what to implement next.

See the "profiles" (core, edge, etc) at the end of the document.
We anticipated something like this.  At least one of the people
on this list (Merike) is interested in seeing improvemnts 
in the security of small devices, cable modems, etc.  If we
make the "document" a collection of requiremnts into which
profiles point, I think we can achieve what you're after.

This could be a different kind of document...dynamic.

> 
> SourceForge, anyone?

Sound like a plan.   Anybody know the rules for the use of sourceforge ?

Bugzilla was just mentioned in the IETF SSH WG (where I am at the moment)
as one possibility.  Anybody have experience with/access to Buzilla ?

>  Push for Cisco to open source IOS? 

No comment ;-)

---George

References:
- netsec-reqs document: what is, where it is, what to call it.
  - From: gmj@pobox.com
- Re: netsec-reqs document: what is, where it is, what to call it.
  - From: ericb@digitaljunkyard.net

Prev by Date: Re: netsec-reqs document: what is, where it is, what to call it.
Next by Date: Re: netsec-reqs document: what is, where it is, what to call it.
Previous by thread: Re: netsec-reqs document: what is, where it is, what to call it.
Index(es):
- Date
- Thread