RE: Tin-man charter

[Chris Lonvick <clonvick@cisco.com>]

Hi David,

On Wed, 16 Jun 2004, David B Harrington wrote:

> Hi,
>
> I also have a concern that, while IETF standards are freely available, the
> standards of other SDOs often cost significant amounts of money. This could
> prevent students and academics and independent consultants and unemployed
> persons, who are often important contributors to IETF standards, from
> participating in the discussions.

I agree with you and I think that's an important consideration.

>
> In general, I support the idea of leveraging existing standards, but I think
> we need to resolve the issues of freely available documents and cross-SDO
> dependencies to make this approach viable for opsec.

I think that's why the liaisons need to happen.  We should attempt to get
approval from the other SDOs to post them so that contributors to our WG
may consider them in our deliberations.

Thanks,
Chris


>
> My $.02
>
> dbh
>
> > -----Original Message-----
> > From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On
> > Behalf Of Ross Callon
> > Sent: Wednesday, June 16, 2004 11:24 AM
> > To: gmj@pobox.com; Chris Lonvick
> > Cc: opsec@ops.ietf.org
> > Subject: Re: Tin-man charter
> >
> > At 09:46 AM 6/15/2004 -0400, George Jones wrote:
> > >On Mon, 14 Jun 2004, Chris Lonvick wrote:
> > >
> > > > I'd like to suggest that this WG also draw upon the works already
> > > > created, and efforts already underway in other SDOs (Standards
> > > > Developing Organizations).  Specifically ANSI T1.276, the NRIC V
> > > > "Best Practices", ITU-T M.3016 and X.805, the T1S1 effort on
> > > > securing signalling, and, I'm sure, others.  I'd also like to
> > > > suggest that the WG form liaisons with these other SDOs
> > and perhaps
> > > > attempt to cross-certify standards.  Putting on my Cisco
> > hat for a
> > > > moment, I'd really like for there to be a consistent set
> > of product
> > > > requirements to follow.  I really don't want to see one SDO
> > > > stipulate "security feature X" while another mandates "Y"
> > for the same purpose.
> > >
> > >Thanks Chris.   Agreed.
> >
> > I agree that we should "draw upon" other works -- which to me
> > means "consider as inputs and take seriously". I also think
> > that liaison makes sense.
> >
> > I am a bit worried regarding what is involved in
> > cross-certifying standards.
> >
> > > > The only Goal/Milestone that I can see coming from that activity
> > > > would be a document (Informational RFC?) citing all of
> > the relevent
> > > > standards and providing a snapshot of the efforts of
> > other SDOs in
> > > > this area.  If that makes sense, I'll volunteer to produce that
> > > > document, for submission to the IESG, within 6 months.
> >
> > This makes sense to me, particularly if documents related to
> > the other efforts can be published as Internet Drafts, or are
> > otherwise available on-line.
> >
> > >I'm thinking this should almost come before the framework,
> > as a kind of
> > >survey to reduce and frame the work that needs to be done.
> >
> > I think that large standards groups (including but not
> > limited to the IETF) are so good at slowing down work that I
> > think that we should avoid writing dependencies or delays
> > into charters. Thus while it makes sense to do this work
> > quickly, and it makes sense for its milestone date to be
> > early, I don't think that we should wait for it nor write a
> > dependency into the charter.
> >
> > Ross
> >
> >
>
>
>
>