
RE: ACLs



The goal is to improve security :)
Writing requirements that the major router vendor can't support might mean
the requirements get ignored as TOO HARD.
That is the way the Orange Book was usually taken. Too hard, just ignore it.
Only a small handful of vendors ever spent the money to get C2 certified.
Only a VERY small handful of vendors ever spent the money to get B1 certified.

I still believe ACLs that have little to no impact are an important requirement,
but getting a major router vendor to completely change their architecture
could take a few years.

Donald.Smith@qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
(coffee != sleep) & (!coffee == sleep)

> -----Original Message-----
> From: George M. Jones [mailto:gmjones@mitre.org]
> Sent: Wednesday, July 23, 2003 10:33 AM
> To: Randy Bush
> Cc: Florian Weimer; opsec@ops.ietf.org
> Subject: Re: ACLs
> 
> 
> Randy Bush wrote:
> 
> >>As far as I know, it *is* difficult for a certain vendor.
> >>    
> >>
> >
> >is the goal to lay out operator requirements or vendor marketing
> >brochures?
> >
> 
> Actually, I thought the goal was to improve security.
> 
> I'm willing to bet that a good set of operator requirements
> is a better means of achieving that goal than vendor marketing
> info.
> 
> ---George
> 
> 
>