Draft Opsec WG minutes from Montreal IETF
Hi,
Included are the draft minutes of our session in Montreal as captured by
Chris, with additions from Ross and me. Please let us know of any omissions
or corrections in the next week.
Thank you.
Pat
===================================
Opsec WG - 13 July 2006, IETF 66
Ross Callon and Patrick Cain, Chairs, present
George Jones volunteered to be jabber scribe
Chris Lonvick volunteered to take minutes
1. Agenda bashing
None.
2. Charter review - outputs review
3. Status of Current WG Docs.
opsec-framework : probably to be INFORMATIONAL, WG Last Call will be
requested soon.
opsec-efforts : Looks ready; will be sent to WG last call likely next
week.
opsec-current-practices : some reorg and still filling in content, next
version coming in a week or two - hopefully destined to become a BCP.
Last call shall start soon.
4. Status of new-ish WG Docs.
opsec-misc-cap : remove MUST/SHOULD/MAY, some text needs to be modified
based upon not-so-recent email discussion (Ross to send note to WG about
how a document becomes BCP, what it needs to have, etc.) It was discussed
that in general the capabilities documents are discussing "capabilities"
and not "requirements", and therefore the "MUST", "SHOULD", ... language
will be removed.
opsec-nmasc : author not present
zhao-opsec-routing-capabilities : will be discussed later in the agenda
cain-logging-caps : -00 This is a new document by Pat Cain (was sent to working
group email exploder -- see July 5th email) but is not yet in the
Internet Drafts repository, comments welcome
5. Review of Capabilities documents in Charter - some but not all of the
capabilities documents listed in the charter have been written.
6. The way forward:
- The Charter milestones have all been passed. The ADs would like us
to finish up (and subsequently close the WG). Regarding the capabilities
documents - we need to get them done, or review other options. They
need to be nearly complete at the next IETF meeting. Then get all docs
submitted to the IESG by the IETF meeting after that. The ADs have
therefore stated that for each capability document we need to have a
nearly complete document by September 1st, and have the document
accepted as a working group document prior to the next IETF (November
in San Diego), or the document will be removed from the charter.
- Profiles - there are not a lot of profiles, if anyone is interested,
please write them (or they too will be removed from the charter)
7. Available documents:
draft-zhao-opsec-routing-capabilities - Miao Fuyou
Not addressing data packet filtering (out of scope of the document).
Routing filtering is in scope of the document.
Should this be a WG document? (Ross recused himself from this
discussion since he is a co-author)
How will the doc be submitted - INFORMATIONAL or BCP?
-Ted Seely: still a bit vague, comments about SHOULD/MUST, (George
suggested SHOULD/MUST/MAY be removed).
-Pekka: The wording needs to be changed to "the device should be capable
of..." rather than "the device MUST...", sometimes "the device should
be able to be configured to do.." Who is the document intended for?
Vendors so they can build it? SPs so they can practice this.
-mike: are these capabilities to address security, or will they be used
to address policy?
-Ross: the WG cannot take on policy, just operational security
A Hum was taken on acceptance as a WG document:
-Pat: humm - the FOR humm was slightly louder than the ANTI humm. Since there
was not a real consensus we should discuss it more on the mail list.
draft-lewis-infrastructure-security - Peter Shoenmaker
Best practices in security network infrastructure
Intended for operators and end customers to make the infrastructure
more secure
Complements BCP 38/84
Should the document become a WG document?
The -01 draft will be available in the next few weeks.
-Ross: (speaking as an individual contributor): it needs editing but it
is valuable
-Pekka: It's not obvious how this fits into the Charter, there are some
techniques that are described that might not be acceptable to all,
there are some very useful recommendations, but some more work is
needed.
-Sandy Murphy: Pekka didn't mention his own draft that covers
infrastructure security.
-Ross: Pekka will discuss his draft.
-Sandy: What is the intended use of this document? Also, there are
cases where the links are wireless which changes the model that the
document addresses.
-Pat: A discussion arose during the last IETF that we aren't giving SPs
security direction. Darren volunteered to write something up.
-Darrell Lewis: There shouldn't be much difference between wired and
wireless, or satellite, the Charter mentions that the WG wants
operational practices.
-Ted Seely: The document is relevant. If there are concerns about
media, then narrow the scope of the document. IP hiding is a good
suggestion.
-George: Both this and Pekka's document are in line with the Practices
documents.
-Dave Kessins (as AD): If it's not 100% covered in the charter, that
shouldn't preclude it from being considered. However, it is a concern
that this WG is behind on their milestones. The documents need to be
done on time.
draft-savola-rtgwg-backbone-attacks-02.txt - Pekka Savola
"Backbone Infrastructure Attacks and Protections"
Describes a view of ISP backbone network attacks
Not clear where the home for this document is.
Francois: IPsec implementation?
draft-savola-bcp84-urpf-experiences-01.txt - Pekka Savola
"Experiences from Using Unicast RPF"
Pat: These docs don't appear to exactly fit in the Charter but they look to
be useful.
We should look at them and everyone is requested to submit comments.
Pat: Should the document become a WG document? Needs to be reviewed with
the AD.
8. Meeting adjourned.
--end--