[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Response to issues with -04 raised by Bert Wijnen

To: opsec@ops.ietf.org
Subject: Response to issues with -04 raised by Bert Wijnen
From: George Jones <gmj@pobox.com>
Date: Fri, 16 Apr 2004 05:46:31 -0700 (PDT)
Cc: bwijnen@lucent.com
Reply-to: gmj@pobox.com

bw> Date and Time: 2004-04-15, 16:57:28
bw> Version: 04
bw> Commented by: Wijnen, Bert
bw> State before Comment: 0
bw> State after Comment: 0
bw> Comment: 1.During the Seoul meeting an issue was reaised which has
bw>   not been addressed yet, and my reviewer Dan Romascanu
bw>   considers this a key issue:
bw>     Part of the content of this document is appropriate for
bw>     large IP SPs networks, but not for enterprise networks
bw>     deploying IP technology. Without specifying clearly this
bw>     in the scope section (1.3), the document risks to be
bw>     mis-leading. I actually have already encountered cases
bw>     where people were taking the recommendations in this
bw>     document ad-literam for enterprise IP routing and
bw>     other IP-related equipment. In the absence of such a
bw>     correction I oppose publishing this version as an
bw>     Informational RFC.

bw>   This can be fixed with:
bw>   - Change the current title:
bw>       Operational Security Requirements for IP Network Infrastructure
bw>     into something aka:
bw>       Operational Security Requirements for ISP IP Network
bw>   Infrastructure

s/IP Network/Large ISP IP Network/

Wordy, but precise.

bw>     Actually in Seoul I pleaded for issuing a similar
bw>     document for enterprise networks. I think that this
bw>     is important work.
bw>

As I mentioned in jabber (I think) at the BoF, I tried to
expand the scope earlier, with the result that what is
already a large (86p) doc became unmanagable.

I think addressing the needs of enterprise nets would
be a fine first or second step for the working group.
Stay tuned (and participate !) for charter discussions.

bw>
bw>   - In sect 1.3: Change "IP networks" into "ISP networks"
bw>     or "ISP IP networks"
bw>
bw> 2.I still see SNMP being referenced with RFC1157. That RFC
bw>   is SNMPv1 which we have obsoleted. I'd prefer a refence
bw>   to RFC3410 and RFC3411. And I also think it is mandatory
bw>   to put some text in this document that states that SNMPv1
bw>   does NOT provide proper security and that deployment of
bw>   SNMPv3 instead is STRONGLY RECOMMENDED.

Will fix.  I'll send out htmlized diffs when done.

Thanks,
---George

Prev by Date: draft-jones-opsec-04.txt submitted
Next by Date: RE: Response to issues with -04 raised by Bert Wijnen
Previous by thread: draft-jones-opsec-04.txt submitted
Next by thread: RE: Response to issues with -04 raised by Bert Wijnen
Index(es):
- Date
- Thread