Re: draft-lewis-infrastructure-security (Re: Draft Opsec WG minutes from Montreal IETF)
I think the draft addresses opsec issues and should therefore be accepted as WG doc.
Michael
At 22:33 31/07/2006, Ross Callon wrote:
>At 03:32 PM 7/31/2006 -0400, Ted Seely wrote:
>
>>Hey Ross,
>>
>>Curious, wasn't there discussion to take
>>"draft-lewis-infrastructure-security" to the list as well? Is that in the
>>minutes as well and I just missed it?
>>
>>If so, and as I said in the WG mtg, I support.
>>
>>Thanks
>>
>>-ted
>
>This is certainly an oversight. What I am not sure is whether this was
>said but we forgot to put it into the minutes (which is my vague recollection),
>or if we forgot to say while in Montreal "we will discuss this further on the
>email list".
>
>In any case, as co-chair, I would like to ask for comments on the list
>regarding whether draft-lewis-infrastructure-security should be accepted
>as a working group document. This is available at:
>http://www.ietf.org/internet-drafts/draft-lewis-infrastructure-security-00.txt
>
>Thanks, Ross
>
>
>>On Sun, 30 Jul 2006, Ross Callon wrote:
>>
>>> Hi,
>>> Included are the draft minutes of our session in Montreal as captured by
>>> Chris, with additions from Ross and me. Please let us know of any omissions
>>> or corrections in the next week.
>>>
>>> Thank you.
>>> Pat
>>>
>>> ===================================
>>> Opsec WG - 13 July 2006, IETF 66
>>>
>>> Ross Callon and Patrick Cain, Chairs, present
>>>
>>> George Jones volunteered to be jabber scribe
>>>
>>> Chris Lonvick volunteered to take minutes
>>>
>>>
>>>
>>> 1. Agenda bashing
>>> None.
>>>
>>> 2. Charter review - outputs review
>>>
>>> 3. Status of Current WG Docs.
>>> opsec-framework : probably to be INFORMATIONAL, WG Last Call will be
>>> requested soon.
>>> opsec-efforts : Looks ready; will be sent to WG last call likely next
>>> week.
>>> opsec-current-practices : some reorg and still filling in content, next
>>> version coming in a week or two - hopefully destined to become a BCP.
>>> Last call shall start soon.
>>>
>>> 4. Status of new-ish WG Docs.
>>> opsec-misc-cap : remove MUST/SHOULD/MAY, some text needs to be modified
>>> based upon not-so-recent email discussion (Ross to send note to WG about
>>> how a document becomes BCP, what it needs to have, etc.) It was discussed
>>> that in general the capabilities documents are discussing "capabilities"
>>> and not "requirements", and therefore the "MUST", "SHOULD", ... language
>>> will be removed.
>>>
>>> opsec-nmasc : author not present
>>>
>>> zhao-opsec-routing-capabilities : will be discussed later in the agenda
>>>
>>> cain-logging-caps : -00 This is a new document by Pat Cain (was sent to
>>> working group email exploder -- see July 5th email) but is not yet in the
>>> Internet Drafts repository, comments welcome
>>>
>>> 5. Review of Capabilities documents in Charter - some but not all of the
>>> capabilities documents listed in the charter have been written.
>>>
>>> 6. The way forward:
>>> - The Charter milestones have all been passed. The ADs would like us
>>> to finish up (and subsequently close the WG). Regarding the capabilities
>>> documents - we need to get them done, or review other options. They
>>> need to be nearly complete at the next IETF meeting. Then get all docs
>>> submitted to the IESG by the IETF meeting after that. The ADs have
>>> therefore stated that for each capability document we need to have a
>>> nearly complete document by September 1st, and have the document
>>> accepted as a working group document prior to the next IETF (November
>>> in San Diego), or the document will be removed from the charter.
>>> - Profiles - there are not a lot of profiles, if anyone is interested,
>>> please write them (or they too will be removed from the charter)
>>>
>>> 7. Available documents:
>>> draft-zhao-opsec-routing-capabilities - Miao Fuyou
>>> Not addressing data packet filtering (out of scope of the document).
>>> Routing filtering is in scope of the document.
>>> Should this be a WG document? (Ross recused himself from this
>>> discussion since he is a co-author)
>>> How will the doc be submitted - INFORMATIONAL or BCP?
>>>
>>> -Ted Seely: still a bit vague, comments about SHOULD/MUST, (George
>>> suggested SHOULD/MUST/MAY be removed.)
>>> -Pekka: The wording needs to be changed to "the device should be capable
>>> of..." rather than "the device MUST...", sometimes "the device should
>>> be able to be configured to do.." Who is the document intended for?
>>> Vendors so they can build it? SPs so they can practice this.
>>> -mike: are these capabilities to address security, or will they be used
>>> to address policy?
>>> -Ross: the WG cannot take on policy, just operational security
>>>
>>> A Hum was taken on acceptance as a WG document:
>>> -Pat: humm - the FOR humm was slightly louder than the ANTI humm. Since
>>> there was not a real consensus we should discuss it more on the mail list.
>>>
>>> draft-lewis-infrastructure-security - Peter Shoenmaker
>>> Best practices in security network infrastructure
>>> Intended for operators and end customers to make the infrastructure
>>> more secure
>>> Complements BCP 38/84
>>> Should the document become a WG document?
>>> The -01 draft will be available in the next few weeks.
>>>
>>> -Ross: (speaking as an individual contributor): it needs editing but it
>>> is valuable
>>> -Pekka: It's not obvious how this fits into the Charter, there are some
>>> techniques that are described that might not be acceptable to all,
>>> there are some very useful recommendations, but some more work is
>>> needed.
>>> -Sandy Murphy: Pekka didn't mention his own draft that covers
>>> infrastructure security.
>>> -Ross: Pekka will discuss his draft.
>>> -Sandy: What is the intended use of this document? Also, there are
>>> cases where the links are wireless which changes the model that the
>>> document addresses.
>>> -Pat: A discussion arose during the last IETF that we aren't giving SPs
>>> security direction. Darren volunteered to write something up.
>>> -Darrell Lewis: There shouldn't be much difference between wired and
>>> wireless, or satellite, the Charter mentions that the WG wants
>>> operational practices.
>>> -Ted Seely: The document is relevant. If there are concerns about
>>> media, then narrow the scope of the document. IP hiding is a good
>>> suggestion.
>>> -George: Both this and Pekka's document are in line with the Practices
>>> documents.
>>> -Dave Kessins (as AD): If it's not 100% covered in the charter, that
>>> shouldn't preclude it from being considered. However, it is a concern
>>> that this WG is behind on their milestones. The documents need to be
>>> done on time.
>>>
>>> draft-savola-rtgwg-backbone-attacks-02.txt - Pekka Savola
>>> "Backbone Infrastructure Attacks and Protections"
>>>
>>> Describes a view of ISP backbone network attacks
>>> Not clear where the home for this document is.
>>> Francois: IPsec implementation?
>>>
>>> draft-savola-bcp84-urpf-experiences-01.txt - Pekka Savola
>>> "Experiences from Using Unicast RPF"
>>>
>>> Pat: These docs don't appear to exactly fit in the Charter but they look to
>>> be useful.
>>> We should look at them and everyone is requested to submit comments.
>>>
>>> Pat: Should the document become a WG document? Needs to be reviewed with
>>> the AD.
>>>
>>> 8. Meeting adjourned.
>>>
>>> --end--
>>>
>>>
>>>
>>>
>>
>>
>>
>>Ted Seely
>>Principal Network Design Engineer
>>Internet Engineering - SprintLink
>>(W) 703.689.6425
>>(M) 703.967.3289
>>AIM - wanpro00
>>Yahoo IM - tseely01
>>
>>"Serious damage and router meltdown could be avoided by strict
>>configuration validation"