
Re: Directed broadcasts; known exploits; default passwords



Randy Bush wrote:

> > I can see your point, but herein lies a conflict: 2.3.1 says the
> > device must comply with RFCs, including 1812 which requires
> > directed broadcasts......so, unless we're going to put this on
> > standards track (not clear yet) and have it officially
> > supersede/supplement 1812 (which we may), I'm going to leave this
> > one as it is for now.
>
> to operators, this is a known 'problem' with 1812.  why not let
> this document modify that part of 1812?

There are two questions here. One is "what security features+defaults
do operators want/need". The second is "how does this work in the
context of various IETF docs".

I understand that turning off directed broadcasts is a Good Thing
from an opsec point of view (so maybe that should be the end
of the discussion).

The bit I'm not clear about is what can/can't should/shouldn't be done
in various IETF docs. I note that 2644 (BCP) updates 1812 (standard).

One of the major open questions for this doc is where it fits in the IETF
framework. Large bits of it are BCP (section 2). Other bits (Sections
3 and 4) are not. Based on that, I'm leaning towards submitting it
as an informational RFC (rather than a BCP) after a few rounds
of feedback, and then seeing what bits should go forward.
I need to be educated/advised here. This is a possible subject
for BOF discussion.

So, back to the question, yes I agree that, from a pure opsec
point of view, you want this to be a MUST. I'll change it if
I can understand how it will fit.

Thanks,
---George