
Re: Last Call: draft-ietf-opsec-filter-caps (Filtering and Rate Limiting Capabilities for IP Network Infrastructure) to BCP




On Jun 28, 2007, at 1:59 AM, George Jones wrote:

On 6/27/07, Danny McPherson <danny@tcb.net> wrote:

See the working group charter and framework documents:

http://www.ietf.org/html.charters/opsec-charter.html

http://www.ietf.org/internet-drafts/draft-ietf-opsec-framework-05.txt Sec 2.4

This was hashed out a long time ago.

In the charter you use the phrase "capability needed to operate
network elements in a secure fashion".  In the framework document
you say "Capability documents list capabilities needed to support
security practices". And finally, the filter-caps document itself states
"This document lists filtering and rate limiting capabilities needed
to support those practices".

So you're telling me that all the opsec work is attempting to avoid the
notion of "requirements", yet all this output represents things that
are "needed" by the opsec community.  If these things really are
"needed" and a good idea for the community and consensus exists
around them, then why would this not be BCP?

From the first two paragraphs of the WG charter:

"The goal of the Operational Security Working Group is to codify
knowledge gained through operational experience about feature sets
that are needed to securely deploy and operate managed network
elements providing transit services at the data link and IP
layers.

It is anticipated that the codification of this knowledge will be
an aid to vendors in producing more securable network elements,
and an aid to operators in increasing security by deploying and
configuring more secure network elements."

BCP would seem to me to be the logical output of a good portion of
work here and it's even what the IESG seemed to believe given their
IETF LC document status.

I submit that simply deferring and publishing work here as
Informational, without better reason, is marginalizing at the very core
what opsec was meant to provide - a place to generate consensus
and "codify knowledge gained through operational experience about
feature sets that are needed to securely deploy and operate managed
network elements [.....]".

-danny