Re: survey of isp security practices

[George Jones <eludom@gmail.com>]

On Wed, 17 Nov 2004 18:25:19 -0500, Howard C. Berkowitz
<hcb@gettcomm.com> wrote:
> Might I observe that a document called "Survey of ISP Security
> Practices" isn't necessarily a logical place for functions for which
> the architectural models are still under development?

Agreed.

> Perhaps there
> is a place for a new document "Requirements for (new) ISP Security
> Practices", but the value of the current one seems to be what people
> actually do. If they do things that have problems with scalability,
> it still may be relevant to note the technique, its limitations, and
> move on.

There are two things/docs to come out of this.  One is Merike's doc, which is
striclty a current practices survey.   Two is the capabiliites needed to support
those practices.    This disccuion is useful as input to both docs.

In the charter discussion, framework, etc. the door was left open to listing
capabilities beyond those used to support current practice or that
are not universal.   These will likely be in the minority if present at all,
only included if there is strong operator agreement that the capability
is needed, cleary labled as not supporting current practice by their
lack of corss references to the practice document, and subject
to WG review....togehter that should keep impractical, unnecessary
or horrendeously expensive capabilities from being included.

---George