
Re: opsec BoF summary



On Thu, 4 Mar 2004, Fred Baker wrote:

> At 05:24 AM 03/03/04 -0800, George Jones wrote:
> >On Tue, 2 Mar 2004, Steve Bellovin wrote:
> > > However, turning it into a full-fledged BCP will be a
> > > lot of work; Fred in particular was quite vocal about that, based on
> > > his experience doing Router Requirements way back when.
>
> I should expand on the note a bit, for George's benefit as he got my
> remarks through Jabber. The discussion in the BOF seemed to me to
> contemplate adding quite a lot of text to these documents and head off in
> the direction of a tome like RFC 1812. My comment on that process is - it
> may well be the right thing to do, but for goodness' sake don't end up with
> a tome, as it is daunting to read and daunting to edit.

I think, @ 66 pages or so, the current draft is already approaching
that :-(

> Rather, come up
> with a set of smaller documents which represent the WG's thoughts on
> various aspects of the topic.

Wise words.

>
> Initial possible topics seemed to be "... for ISP networks" and "... for
> Enterprise". My sense there is that for the things the Jones drafts talk
> about, I doubt that ISPs and Enterprise are so very different.

For the most part, yes...esp as relates to management.   Where they
differ is in size and focus on transit issues.   Things like route
filtering, uRPF, filtering @ the edge and OoB mgt take on added
importance.

> For example,
> one of the specification points is that in a log message, please use the IP
> address to identify systems or interface, as the name may have multiple
> interpretations and may not be readily translatable through DNS with the
> network hosed. If you think about that, the problem really isn't an
> enterprise or an ISP problem, it's a specificity and
> minimal-required-working-parts issue.

Right.  The current doc is a superset of general issues (w/attempt to
capture them in the minimum profile) and large ISP specific issues.

> What will be more useful may be an
> overview document, a document on log messages, a document on dealing with
> various kinds of attacks, a document on dealing with configuration
> management issues, and so on.

As a strategy for a working group aimed at coming out with BCPs, I
think that is very wise advice.

Thanks,
---George