
Re: draft-jones-opsec-01.txt comments: in-band management



On Thu, 23 Oct 2003, Joel N. Weber II wrote:

> It seems like opsec is not really the right scope to be mandating
> lowest common denominator profiles for IPsec.  I think we ought to be
> able to just say ``IPsec'', and let the IPsec people take care of the
> rest.

Thank-you.  Agreed.

>  opsec is about listing existing technologies that actually
> already work,

I might add work well, work simply, work widely, work without the
need for endless debates/drafts/training classes/armies of
consultants.  SSH "just works".  Syslog (for all its faults)
works...mostly. Radius and TACACS work.

> and specifying that it is important to implement them,
> mostly.
>
> Of course, if someone can speak up and say ``I've been using these
> IPsec implementations that come from these diverse source bases, with
> this profile, and I find it works well, and opsec should use this
> profile'', then I think we should consider that.

Right.  If someone can show success stories of quick, painless rollout
of IPsec in a large multi-vendor environment without the need to get
vendors and testing labs involved to resolve incompatibilities and
point to a 5 page or less "Here's how I did it, and how you can do it too"
writeup, I'd be willing to be convinced.


Thanks,
--George