[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding

To: opsec@ops.ietf.org
Subject: RE: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding
From: Tony Rall <trall@almaden.ibm.com>
Date: Tue, 1 May 2007 14:12:06 -0700
In-reply-to: <60C4A248E730F249990993E3B9BD44D8743BED@xmb-sjc-218.amer.cisco.com>

On Tuesday, 2007-05-01 at 13:41 MST, "Darrel Lewis \(darlewis\)" 
<darlewis@cisco.com> wrote:
> While I have my preferences to which of the techniques I prefer, I think
> this document would be incomplete and non-usefull if we did not present
> them.  We don't need complete consensus, just rough consensus is good
> enough.

Well, you don't have my agreement.

It's fine to hide parts of your network that are truly private.  If that 
is what section 6 is about, I don't think that was made clear at all.

But it's not fine to do so for any parts that source packets to outside 
parties.

Nor is it fine to simply not send packets (prescribed in other RFCs) that 
you should be sending.

Nor is it fine to not provide forward and reverse dns for parts of the 
public Internet.

--
Tony Rall

Follow-Ups:
- RE: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding
  - From: "Barry Greene \(bgreene\)" <bgreene@cisco.com>

References:
- RE: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding
  - From: "Darrel Lewis \(darlewis\)" <darlewis@cisco.com>

Prev by Date: RE: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding
Next by Date: RE: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding
Previous by thread: RE: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding
Next by thread: RE: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding
Index(es):
- Date
- Thread