[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-morrow-filter-caps-00 comments
On Tue, 8 Mar 2005 19:47:03 +0200 (EET), Pekka Savola <pekkas@netcore.fi> wrote:
> On Tue, 8 Mar 2005, George Jones wrote:
> > * Current
> > implementations/how [e.g. uRPF]
>
> Note that if this is the case, we need more text to the required
> filtering capabilities to more closely reflect the fact what we're
> actually looking for.
>
> For example:
> - [uRPF-like] automatic filtering on customer interfaces
> - ... which works with multihomed and asymmetric traffic as well, as
> long as the prefixes are consistent.
OK, time for review. From the framework, with feeling:
1.7 Format and Definition of Capabilities
A separate document will be created for specific categories of
capabilities. Each individual capability will have the following
elements:
Capability (what)
The capability describes a policy to be supported by the device.
Capabilities should not refer to specific technologies. It is
expected that desired capability will change little over time.
Supported Practices (why)
The Supported Practice section cites practices described in
CITE-OPERATOR-SURVEY-RFC that are supported by this capability.
The need to support the cited practices provides the justification
for the feature.
Jones, et al. Expires April 21, 2005 [Page 9]
Internet-Draft OpSec Framework October 2004
In a few cases, practices not listed in CITE-OPERATOR-SURVEY-RFC
may be listed at the end of the capability document and cited as
justification for a capability. This may be necessary if a
practice becomes common after CITE-OPERATOR-SURVEY-RFC is finished
or if there is widespread consensus that the practice would
improve security but it is not, for whatever reason, in widespread
deployment.
Current Implementations (how)
The Current Implementation section is intended to give examples of
implementations of the capability, citing technology and standards
current at the time of writing. Examples of configuration and
usage may also be given.
Considerations
The Considerations section lists operational and resource
constraints, limitations of current implementations, tradeoffs,
etc.
If we're missing this this, please point out where.
Thanks,
---George