RE: survey of isp security practices
Hi Howard,
Comments inline
> -----Original Message-----
> From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On
> Behalf Of Howard C. Berkowitz
> Sent: Thursday, November 18, 2004 11:43 AM
> To: opsec@ops.ietf.org
> Subject: RE: survey of isp security practices
>
[...]
>
> Understood. Let me pose a question to you as well as the
> OPSEC group, with special reference to the OPSEC charter.
> Some years ago, during the IPng effort, there were a set of
> very interesting, short papers on industry or technology area
> requirements for IPng. They had the flavor both of an
> applicability document and a white paper on future
> applicability/requirements.
>
> Is there scope for a short OPSEC paper or papers documenting
> some of these potentials? In other words, a collaboration
> that says "here are SP needs, and here are ISMS and/or
> per-user authentication approaches. This might be a roadmap
> about how they come together."

I am of the impression that such a short document would be out of
scope for OpSec.

I am of the impression that such a short document would be out of
scope for ISMS.

It could be included in an ISMS proposal, but the charter for ISMS is
very constraining, and the deadline for submission has passed.

I encourage operators to make their needs known on the ISMS WG mailing
list.

I encourage operators to review the three proposals being considered
in ISMS, and comment on them on the ISMS WG mailing list.

There is an evaluation team currently reviewing the ISMS proposals.
They are largely looking at the viability of the security approach,
compatibility with the SNMPv3 architecture, and compatibility with
existing security infrastructures.

Having operator input might be helpful to them to consider
compatibility with real implementations and SP needs.

>
> >
[...]
> >
> >The OPSec WG is chartered to "codify knowledge gained through
> >operational experience about feature sets that are needed to securely
> >deploy and operate managed network elements", so such discussion should
> >be in scope.
>
> Is the sort of document I briefly mentioned a starting point?
If the BCP document describes current practices for authentication,
authorization, and key distribution, and describes the limitations of
current practice, that could be helpful to other WGs, like ISMS, that
try to address those limitations.
>
> >
> >My $.03
> >David Harrington
> >dbharrington@comcast.net
> >co-chair IETF SNMPv3 WG, concluded
> >