[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Draft Opsec WG minutes from Montreal IETF

To: Ross Callon <rcallon@juniper.net>
Subject: Re: Draft Opsec WG minutes from Montreal IETF
From: Ted Seely <tseely@sprint.net>
Date: Mon, 31 Jul 2006 15:32:51 -0400 (EDT)
Cc: <opsec@ops.ietf.org>
In-reply-to: <002f01c6b407$91896830$6400a8c0@familyroom>

Hey Ross,

Curious, wasn't there discussion to take
"draft-lewis-infrastructure-security" to the list as well?  Is that in the
minutes as well and I just missed it?

If so, and as i said in the WG mtg, I support.

Thanks

-ted

On Sun, 30 Jul 2006, Ross Callon wrote:

> Hi,
> Included are the draft minutes of our session in Montreal as captured by
> Chris, with additions from Ross and me. Please let us know of any omissions
> or corrections in the next week.
>
> Thank you.
> Pat
>
> ===================================
> Opsec WG - 13 July 2006, IETF 66
>
> Ross Callon and Patrick Cain, Chairs, present
>
> George Jones  volunteered to be jabber scribe
>
> Chris Lonvick  volunteered to take minutes
>
>
>
> 1. Agenda bashing
> 	None.
>
> 2. Charter review - outputs review
>
> 3. Status of Current WG Docs.
> opsec-framework : probably to be INFORMATIONAL, WG Last Call will be
>    requested soon.
> opsec-efforts :  Looks ready; will be sent to WG last call likely next
>    week.
> opsec-current-practices : some reorg and still filling in content, next
>    version coming in a week or two - hopefully destined to become a BCP.
>    Last call shall start soon.
>
> 4. Status of new-ish WG Docs.
> opsec-misc-cap : remove MUST/SHOULD/MAY, some text needs to be modified
>    based upon not-so-recent email discussion (Ross to send note to WG about
>    how a document becomes BCP, what it needs to have, etc.)  It was
> discussed
>    that in general the capabilities documents are discussing "capabilities"
>    and not "requirements", and therefore the "MUST", "SHOULD", ... language
>    will be removed.
>
> opsec-nmasc : author not present
>
> zhao-opsec-routing-capabilities : will be discussed later in the agenda
>
> cain-logging-caps : -00 This is a new document by Pat Cain (was sent to
> working
>    group email exploder -- see July 5th email) but is not yet in the
>    Internet Drafts repository, comments welcome
>
> 5. Review of Capabilities documents in Charter - some but not all of the
> capabilities documents listed in the charter have been written.
>
> 6. The way forward:
> - The Charter milestones have all been passed.  The ADs would like us
>    to finish up (and subsequently close the WG). Regarding the capabilities
>    documents - we need to get them done, or review other options.  They
>    need to be nearly complete at the next IETF meeting.  Then get all docs
>    submitted to the IESG by the IETF meeting after that. The ADs have
>    therefore stated that for each capability document we need to have a
>    nearly complete document by September 1st, and have the document
>    accepted as a working group document prior to the next IETF (November
>    in San Diego), or the document will be removed from the charter.
> - Profiles - there are not a lot of profiles, if anyone is interested,
>    please write them (or they too will be removed from the charter)
>
> 7. Available documents:
> draft-zhao-opsec-routing-capabilities - Miao Fuyou
>    Not addressing data packet filtering (out of scope of the document).
>    Routing filtering is in scope of the document.
>    Should this be a WG document?  (Ross reclused himself from this
>    discussion since he is a co-author)
>    How will the doc be submitted - INFORMATIONAL or BCP?
>
>    -Ted Seely: still a bit vague, comments about SHOULD/MUST, (George
>     suggested SHOULD/MUST/MAY be removed.
>    -Pekka: The wording needs to be changed to "the device should be capable
>     of..." rather than "the device MUST...", sometimes "the device should
>     be able to be configured to do.."  Who is the document intended for?
>     Vendors so they can build it?  SPs so they can practice this.
>    -mike: are these capabilities to address security, or will they be used
>     to address policy?
>    -Ross: the WG cannot take on policy, just operational security
>
>    A Hum was taken on acceptance as a WG document:
>    -Pat: humm - the FOR humm was slightly louder than the ANTI humm. Since
> there
>     was not a real consensus we should discuss it more on the mail list.
>
> draft-lewis-infrastructure-security - Peter Shoenmaker
>    Best practices in security network infrastructure
>    Intended for operators and end customers to make the infrastructure
>     more secure
>    Complements BCP 38/84
>    Should the document become a WG document?
>    The -01 draft will be available in the next few weeks.
>
>    -Ross: (speaking as an individual contributor): it needs editing but it
>     is valuable
>    -Pekka: It's not obvious how this fits into the Charter, there are some
>     techniques that are described that might not be acceptable to all,
>     there are some very useful recommendations, but some more work is
>     needed.
>    -Sandy Murphy: Pekka didn't mention his own draft that covers
>     infrastructure security.
>    -Ross: Pekka will discuss his draft.
>    -Sandy: What is the intended use of this document?  Also, there are
>     cases where the links are wireless which changes the model that the
>     document addresses.
>    -Pat:  A discussion arose during the last IETF that we aren't giving SPs
>     security direction. Darren volunteered to write something up.
>    -Darrell Lewis:  There shouldn't be much difference between wired and
>     wireless, or satellite, the Charter mentions that the WG wants
>     operational practices.
>    -Ted Seely: The document is relevant.  If there are concerns about
>     media, then narrow the scope of the document.  IP hiding is a good
>     suggestion.
>    -George: Both this and Pekka's document are in line with the Practices
>     documents.
>    -Dave Kessins (as AD): If it's not 100% covered in the charter, that
>     shouldn't preclude it from being considered.  However, it is a concern
>     that this WG is behind on their milestones.  The documents need to be
>     done on time.
>
> draft-savola-rtgwg-backbone-attacks-02.txt  - Pekka Savola
> "Backbone Infrastructure Attacks and Protections"
>
>    Describes a view of ISP backbone network attacks
>    Not clear where the home for this document is.
>    Francois: IPsec implementation?
>
> draft-savola-bcp84-urpf-experiences-01.txt - Pekka Savola
> "Experiences from Using Unicast RPF"
>
> Pat: These docs don't appear to exactly fit in the Charter but they look to
> be useful.
> We should look at them and everyone is requested to submit comments.
>
> Pat: Should the document become a WG document?  Needs to be reviewed with
> the AD.
>
> 8. Meeting adjourned.
>
> --end--
>
>
>
>



Ted Seely
Principal Network Design Engineer
Internet Engineering - SprintLink
(W) 703.689.6425
(M) 703.967.3289
AIM - wanpro00
Yahoo IM - tseely01

"Serious damage and router meltdown could be avoided by strict
configuration validation"

Follow-Ups:
- draft-lewis-infrastructure-security (Re: Draft Opsec WG minutes from Montreal IETF)
  - From: Ross Callon <rcallon@juniper.net>

References:
- Draft Opsec WG minutes from Montreal IETF
  - From: "Ross Callon" <rcallon@juniper.net>

Prev by Date: Re: Begin Last Call on draft-ietf-opsec-current-practices-06
Next by Date: draft-lewis-infrastructure-security (Re: Draft Opsec WG minutes from Montreal IETF)
Previous by thread: Draft Opsec WG minutes from Montreal IETF
Next by thread: draft-lewis-infrastructure-security (Re: Draft Opsec WG minutes from Montreal IETF)
Index(es):
- Date
- Thread