[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Updates on the way to -00

I've fixed a number of the major structural problems
in the document and done some work to make it
easier to track changes. Aiming for a -00 draft
in a week or two.

Changes:

- Reorganized/renamed the three main sections.
The first (2.x) is intended to be classic BCP stuff,
approved standards only, currently know best practices.
The second (3.x) is currently titled "Non-Standard Requirements".
This will contain requiremnts that may or may not be based
on currently approved standards or universal practice.
For "Support Scripting of Management Functions" goes here.
We want it. It's useful. But it's not standard....but not too
far out of reach (see, for instance the xmlconf/netconf work).
The third section (4.x) is things that are "out there", useful,
good, but maybe hard or not well defined. "Stealthing"
(making the core of networks totally invisible beyond the edge)
is here.

- Cited the forthcoming ANSI draft on operational security issues
where appropriate. They've done a good job of thinknig through
some of the issues, especially as it relates to use of encryption
WRT securing management traffic. No need to re-do that work.

- Changed the "Implmentation" sections to "Examples" (per Barbara
Frasier's suggestion), since that's more of what they are.

- Changed the "Encrypt all managemnt protocols" section to
"Support Secure Data Channels", with extensive examples
including a table showing protocol+class vs. securtiy capability.

- Had other requirements reference "Support Secure Data Channels"
instead of enumarating their own encryption requirements.

- Under the hood: broke the requirements down into individual XML
files and checked the whole thing into CVS. This will allow tracking
of changes per-requirement. This will be a big win for editing/tracking.
What we really want is some sort of changebar + annotation device
in xml2rfc, but this will do for now.

Stay tuned.

---George