OPSEC Working Group? Need people to do the work.

[George Jones <gmj@pobox.com>]

The opsec draft (ftp://www.ietf.org/internet-drafts/draft-jones-opsec-06.txt)
is currently in the RFC editors queue, slated to come out as an info RFC
Real Soon Now.   At the BoF in Seoul, there was strong consensus that
there should be a working group (http://psg.com/lists/opsec/opsec.2004/msg00092.html),
most likely to produce a series of smaller BCP RFCs....the end result
being documents that say "if you're going to build boxes to deploy in
this environment, they must have the following security related
features".

What's needed at this point is people willing to do the work.  It is
my belief that the operator community should have heavy input into
this process, if not drive it.  Operators know what their problems
are.  They know what feature sets they use.  They know what the
real-world pitfalls are.

The work would involve helping draft a charter, writing and reviewing
drafts, participating on mailing list discussions and attending
Working Group meetings (which I'm advocating be held, at least part of
the time at operators forums such as nanog). The opsec draft focuses
on requirements for large ISP/NSP networks.  Next steps might be to
broaden the scope to enterprise nets, split out generic IP reqs, and
down the road work on reqs for different classes of devices such as
SOHO or Wireless.

We need to determine soon if there is critical mass.  If you're an
operator willing to spend some mental cycles and possibly travel on
this, please drop me a note and let me know what you're willing to do.
Thoughts on charter are also welcome.

Merike Kaeo has consented to be a point of contact a NANOG next week.
If you're going to be there, track her down (the nsp-sec BoF would be
a good place) and talk things over.

This will go IFF people (operators) see it as important and are
willing to do the work.

Thanks,
----George Jones