Re: SOHO/Profiles




First, I think *all* devices need at least the ability to filter
traffic directed *to* them, particularly devices that allow in-band
management.  See CA-2003-17 for justification.
I agree - no problem there

Second, your current profile does not seem to anticipate any sort
of ongoing management (or even capability to do so).  I think,
given the current definition of scope, for a device to be covered
by these requirements, it would have to be at least potentially
manageable by the network operator.
Yeah...probably best to include *some* management capability and if joe-cheapo-fw/router/switch wants to play in bigger world they can do the right thing in terms of what this profile requires.

This is not to say that you can't define a profile out of the
existing requirements that is intended to be useful as guidance
for Joe's firewall, it simply means we're not going to add any
requirements for it.
Joe firewall/switch/dareIsayrouter can look towards SOHO requirements for guidance....no further subset needed....

If you want to define profiles for unmanageable (by the operator)
or customer managed devices, that's fine, just indicate clearly
in the intro text that that's what's being done.
nope....see above...

I'm attaching a copy of prof.all.xml, which is the source for the
set of profile requirements that has every currently defined
profile.  Simply change the intro paragraph text and edit out
all the sections/requirements that don't apply and send back to
me.
OK

[1] I do have some question about including any CPE since physical
    access then becomes an issue.
it's always an issue....and overlooked I can't even tell you how many times......and not just in CPE type equipment......

- merike