
Re: Last Call: draft-ietf-opsec-filter-caps (Filtering and Rate Limiting Capabilities for IP Network Infrastructure) to BCP



Folks,

Please disregard my previous email, instructing the authors to publish
as INFORMATIONAL. I hadn't read Danny's objection yet when I sent that
instruction.

Danny, Barry, please continue this dialog and try to reach some
consensus. In the meantime, I will retreat into my smoke-filled room to
figure out if there is any RFC that provides guidance in case you can't
reach consensus between one another.

                               Ron


Danny McPherson wrote:
> 
> On Jun 28, 2007, at 1:59 AM, George Jones wrote:
> 
>> On 6/27/07, Danny McPherson <danny@tcb.net> wrote:
>>
>> See the working group charter and framework documents:
>>
>> http://www.ietf.org/html.charters/opsec-charter.html
>>
>> http://www.ietf.org/internet-drafts/draft-ietf-opsec-framework-05.txt  Sec 2.4
>>
>> This was hashed out a long time ago.
> 
> 
> In the charter you use the phrase "capability needed to operate
> network elements in a secure fashion".  In the framework document
> you say "Capability documents list capabilities needed to support
> security practices".  And finally, the filter-caps document itself states
> "This document lists filtering and rate limiting capabilities needed
> to support those practices".
> 
> So you're telling that all the opsec work is attempting to avoid the
> notion of "requirements", yet all this output represents things that
> are "needed" by the opsec community.  If these things really are
> "needed" and a good idea for the community and consensus exists
> around them, then why would this not be BCP?
> 
> From the first two paragraphs of the WG charter:
> 
> "The goal of the Operational Security Working Group is to codify
> knowledge gained through operational experience about feature sets
> that are needed to securely deploy and operate managed network
> elements providing transit services at the data link and IP
> layers.
> 
> It is anticipated that the codification of this knowledge will be
> an aid to vendors in producing more securable network elements,
> and an aid to operators in increasing security by deploying and
> configuring more secure network elements."
> 
> BCP would seem to me to be the logical output of a good portion of
> work here and it's even what the IESG seemed to believe given their
> IETF LC document status.
> 
> I submit that simply deferring and publishing work here as
> Informational, without better reason, is marginalizing at the very core
> what opsec was meant to provide - a place to generate consensus
> and "codify knowledge gained through operational experience about
> feature sets that are needed to securely deploy and operate managed
> network elements [.....]".
> 
> -danny