Re: Tin-man charter
Hi,
On Tue, 8 Jun 2004, George Jones wrote:
> Try this...
>
> -------------------------cut here-----------------------
>
> Operations and Management Area Director(s):
>
> Bert Wijnen <bwijnen@lucent.com>
> David Kessens <david.kessens@nokia.com>
>
> Operations and Management Area Advisor:
>
> David Kessens <david.kessens@nokia.com>
>
> Security Area Director(s):
>
> Russell Housley <housley@vigilsec.com>
> Steven Bellovin <smb@research.att.com>
>
> Security Area Advisor:
>
> Steven Bellovin <smb@research.att.com>
>
> Mailing Lists:
>
> General Discussion: opsec@ops.ietf.org
> To Subscribe: opsec-request@ops.ietf.org
> In Body: subscribe
> Archive: http://ops.ietf.org/lists/opsec/
>
> Description of Working Group:
>
> Goals
>
> The goal of the Operational Security Working Group is to codify
> knowledge about feature sets that are required to securely deploy
> and operate managed network elements providing transit services at
> OSI layers 2 and 3.
>
> Scope
>
> The working group will produce requirements appropriate for:
>
> o Internet Service Provider (ISP) Networks
> o Enterprise Networks
>
> The following areas are excluded from the charter at this time:
>
> o Wireless devices
> o SOHO devices
> o Security devices (firewalls, IDS, Authentication Servers)
> o Hosts
>
> Methods
>
> A framework document will be produced describing the scope, format,
> intended use and sequence of future documents. A series of BCP
> documents will be produced covering various areas of security
> management functionality. Profiles documents will be produced,
> citing the BCPs, which list the requirements relevant to different
> operating environments. Profiles might list different requirements
> for devices in different roles: core, edge, peering, aggregation,
> access, etc.
>
> http://www.ietf.org/internet-drafts/draft-jones-opsec-06.txt will be
> used as a jumping off point.
>
> Much of the operational security knowledge that needs to be codified
> resides with operators. In order to access their knowledge and reach
> the working group goal, informal BoFs will be held at relevant
> operator fora.
I'd like to suggest that this WG also draw upon the works already created,
and efforts already underway in other SDOs (Standards Developing
Organizations). Specifically ANSI T1.276, the NRIC V "Best Practices",
ITU-T M.3016 and X.805, the T1S1 effort on securing signalling, and, I'm
sure, others. I'd also like to suggest that the WG form liaisons with
these other SDOs and perhaps attempt to cross-certify standards. Putting
on my Cisco hat for a moment, I'd really like for there to be a consistent
set of product requirements to follow. I really don't want to see one SDO
stipulate "security feature X" while another mandates "Y" for the same
purpose.
The only Goal/Milestone that I can see coming from that activity would be
a document (Informational RFC?) citing all of the relevant standards and
providing a snapshot of the efforts of other SDOs in this area. If that
makes sense, I'll volunteer to produce that document, for submission to
the IESG, within 6 months.
Thanks,
Chris
>
> Goals and Milestones:
>
> Aug 04 First Working Group Meeting @ IETF 60 in San Diego
> Sep 04 First draft of Framework Document as Internet Draft
> Mar 05 Submit Framework to IESG
>
> Aug 05 Submit In-Band management requirements to IESG (BCP)
> Aug 05 Submit Out-of-Band management requirements to IESG (BCP)
> Aug 05 Submit Packet Filtering requirements to IESG (BCP)
> Aug 05 Submit Event Logging Requirements document to IESG (BCP)
>
> Nov 05 Submit Configuration and Management Interface Requirements to
> IESG (BCP)
> Nov 05 Submit AAA requirements document to IESG (BCP)
> Nov 05 Submit Documentation and Assurance requirements document to IESG (BCP)
> Nov 05 Submit Miscellaneous requirements document to IESG (BCP)
>
> Mar 06 Submit ISP Operational Security Requirements Profile (info)
> Mar 06 Submit Large Enterprise Operational Security Requirements Profile
> Mar 06 Submit OPSEC Deliberation Summary document
>
> Internet-Drafts (to be written):
>
> See schedule above.
>
> Request For Comments:
>
> None.
>
>
>