[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: OPSEC Working Group? Need people to do the work.

To: Merike Kaeo <kaeo@merike.com>
Subject: RE: OPSEC Working Group? Need people to do the work.
From: George Jones <gmj@pobox.com>
Date: Thu, 27 May 2004 07:36:46 -0400 (EDT)
Cc: opsec@ops.ietf.org
In-reply-to: <6.1.0.6.2.20040526162150.02d0d558@pop.sonic.net>
References: <9921AB57EA49D242A076864C5F473D3C0C706B@itdene2km08.AD.QINTRA.COM> <Pine.LNX.4.53.0405261252490.32282@mall.pulltheplug.com> <20040526100531.J9703@moser.int.networktest.com> <Pine.LNX.4.53.0405261530060.32282@mall.pulltheplug.com> <6.1.0.6.2.20040526162150.02d0d558@pop.sonic.net>
Reply-to: gmj@pobox.com

On Wed, 26 May 2004, Merike Kaeo wrote:

> I like the idea of a framework doc which encompasses all of the work
> which will eventually be produced and broadens the scope to include
> devices which are not covered in the current soon-to-be
> informational RFC.

I'm thinking that that a lot of it will come from the front matter
of the info draft...the bits that explain reqs/justifiation/examples/etc
plus scoping bits.

> It's also a
> good idea to first produce BCP versions for the material covered in the
> existing document.

Right.  Easy first target.

>
> I don't see the need to re-charter if the original charter specifically
> defines the work to be done in a clear sequential manner.  I.e. state
> explicitly that the work for BCPs for the current informational rfc needs
> to be finished before work on other areas can be started.

Reading the bits on WG charters, it seems that there is a desire for
clear goals, finite time, etc.   Doing the framework and reworking
current mateiral would give that....I'm thinking a year or so
to finish that off...and if it looks like it's going well we can
recharter at the end....and there would be nothing to stop more
ambitions people with broader interests from starting to draft
reqs for other targets before that (say 6-9 mo.s out once it's
clear that the modle is working).

>
> Coming up with clear definitions for all the categories of devices that
> will eventually be covered should be part of the framework
> document.......I'm sure there'll be some controversy/discussion but
> hopefully those can be constrained to a reasonable level.

I'll list the issues/choices/cagetories that I'm aware of early
next week.   Many decisions were made in the process of getting
to the current opsec draft.  There were many suggestions to
broaden the scope.   I'll try to list as many as I can recall
in bullet form.

>
> I don't feel it necessary to include host OS'es in the scope of this
> particular wg, which would mean devices like DNS servers, mail servers are
> NOT part of the scope.  Is it fair to say that the scope will include
> networking devices which provide connectivity at the networking and link
> layer?

That is indeed one of the questions.    Early on, we believed that
the work would result in some reqs that were generic to all IP enabled
devices.    I think that has happened to some extent, but we had to
restrict the target (large ISP infrastruture) to get a managable set.
I think the same will apply.

---George

References:
- RE: OPSEC Working Group? Need people to do the work.
  - From: "Smith, Donald" <Donald.Smith@qwest.com>
- RE: OPSEC Working Group? Need people to do the work.
  - From: George Jones <gmj@pobox.com>
- RE: OPSEC Working Group? Need people to do the work.
  - From: David Newman <dnewman@networktest.com>
- RE: OPSEC Working Group? Need people to do the work.
  - From: George Jones <gmj@pobox.com>
- RE: OPSEC Working Group? Need people to do the work.
  - From: Merike Kaeo <kaeo@merike.com>

Prev by Date: RE: OPSEC Working Group? Need people to do the work.
Next by Date: RE: OPSEC Working Group? Need people to do the work.
Previous by thread: RE: OPSEC Working Group? Need people to do the work.
Next by thread: RE: OPSEC Working Group? Need people to do the work.
Index(es):
- Date
- Thread