Re: draft-morrow-filter-caps-00 comments



On Tue, 8 Mar 2005 19:47:03 +0200 (EET), Pekka Savola <pekkas@netcore.fi> wrote:
> On Tue, 8 Mar 2005, George Jones wrote:
> > * Current implementations/how [e.g. uRPF]
> 
> Note that if this is the case, we need more text in the required
> filtering capabilities to more closely reflect what we're
> actually looking for.
> 
> For example:
>   - [uRPF-like] automatic filtering on customer interfaces
>   - ... which works with multihomed and asymmetric traffic as well, as
> long as the prefixes are consistent.

OK, time for review.   From the framework, with feeling:

1.7  Format and Definition of Capabilities

   A separate document will be created for specific categories of
   capabilities.  Each individual capability will have the following
   elements:

   Capability (what)
      The capability describes a policy to be supported by the device.

      Capabilities should not refer to specific technologies.  It is
      expected that desired capability will change little over time.

   Supported Practices (why)
      The Supported Practice section cites practices described in
      CITE-OPERATOR-SURVEY-RFC that are supported by this capability.
      The need to support the cited practices provides the justification
      for the feature.




Jones, et al.            Expires April 21, 2005                 [Page 9]

Internet-Draft              OpSec Framework                 October 2004


      In a few cases, practices not listed in CITE-OPERATOR-SURVEY-RFC
      may be listed at the end of the capability document and cited as
      justification for a capability.  This may be necessary if a
      practice becomes common after CITE-OPERATOR-SURVEY-RFC is finished
      or if there is widespread consensus that the practice would
      improve security but it is not, for whatever reason, in widespread
      deployment.

   Current Implementations (how)
      The Current Implementation section is intended to give examples of
      implementations of the capability, citing technology and standards
      current at the time of writing.  Examples of configuration and
      usage may also be given.

   Considerations
      The Considerations section lists operational and resource
      constraints, limitations of current implementations, tradeoffs,
      etc.


If we're missing this, please point out where.

Thanks,
---George