[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Referenceing 3704 in OPSEC filtering document ?



From an operations perspective this is one case where the configuration how is as interesting as the functional what (filtering).  

There are three possibilities that come to mind immediately: 
- manual configuration (implementation being static ACLs)
- dynamic based on something known (implementation being uRPF)
- triggered by external source/API (implementation being shunning, quarantine, VOIP midcom pinholes)

It adds some complexity to the draft, but gives more flexibility in mapping capabilities to profiles, or requirements docs. 

Regards,
Fred Budd

-----Original Message-----
From: owner-opsec@psg.com [mailto:owner-opsec@psg.com]On Behalf Of
George Jones
Sent: Monday, March 07, 2005 4:41 PM
To: Christopher L. Morrow
Cc: Pekka Savola; Merike Kaeo; opsec@ops.ietf.org
Subject: Referenceing 3704 in OPSEC filtering document ?


So the question I have is, given the excellent work that Pekka and Fred did
on 3704, does Chris' doc need any more than a citation saying "do that/
provide features capapable of doing that" ?

---George