RE: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding

["Darrel Lewis \(darlewis\)" <darlewis@cisco.com>]

Warren Kumari wrote:
> On Apr 27, 2007, at 1:33 PM, Smith, Donald wrote:
>>> 
>>> Don't get me wrong - I feel the other sections (other than
>>> 6.x) of the
>>> draft might be beneficial, but I wanted to strongly object to 6.
> 
> Me too!
> 
> This is a nice draft -- it outlines useful info and suggestions for
> the community, but section 6 is starting to feel like a holy war.
> I cannot really see everyone coming to consensus on this and feel
> that section 6 should be dropped...
> 

I'm going to have to strongly disagree with you here.  Some form of core
hiding (one or more of the options presented in section 6) has been
deployed in nearly every major SP.  The operational security community
that I've been a part of for the last 5+ years has been strongly
supportive of these techniques.  Presentations at NANOG, RIPE and
APRICOT talking about implementing these have been well received.

While I have my preferences to which of the techniques I prefer, I think
this document would be incomplete and non-usefull if we did not present
them.  We don't need complete consensus, just rough consensus is good
enough.  

If there are specific areas in section 6 that you think are not well
articulated or are misleading, well, suggested text is always welcome!
8-)

-Darrel