Re: [OPSEC] charter skeleton rev5

Merike Kaeo <merike@doubleshotsecurity.com> Mon, 21 January 2008 05:11 UTC

From: Merike Kaeo <merike@doubleshotsecurity.com>
Subject: Re: [OPSEC] charter skeleton rev5
Date: Sun, 20 Jan 2008 21:17:16 -0800
To: Joel Jaeggli <joelja@bogus.com>
Cc: opsec wg mailing list <opsec@ietf.org>

>
> I like the tenor of this, but I am also in favor of compactness, and I
> think rev 5 is quite attractive in the extent to which it is pared back
> to a minimalist core.
>
> would you consider it incomplete without this sentiment?

no - it was simply a suggestion........I have no attachment to the suggestion :)

>
>> - in v6ops there's discussion on
>> draft-ietf-v6ops-rfc3330-for-ipv6-04.txt .......specific to which
>> prefixes should get filtered.......we probably want to support/comment
>> on that work?!?
>
> One of the concerns I have with enterprise networks in general but also
> with forwarding and control plane protection is the congruence of policy
> between ipv4 and ipv6 configuration. So I would agree and if possible
> amplify that sentiment.
>
>> - Some work items I see as relevant:
>>
>>  -- IPv6 specific operational security concerns (despite common 'it's no
>> different than v4' comments) I think there's things like RA
>> advertisement suppression and some similar things that may need some
>> consideration.
>
> Indeed... Operationally it's easy enough to respond to and mitigate
> sources of rogue RAs but can you suppress them a priori without
> features that may/probably do not exist in your switch platform?
> Practice wise there's something to be said for not relying on RAs when
> your devices are going to be statically configured.
>
>> -- logging document...definitely needs to be included somehow....is Tina
>> signed up for the work?  [I totally am in sync with George's comment a
>> few weeks ago that getting operator input was tough.......especially as
>> doc editors.........it is important to get people signed up for the
>> writing part....and no, I'm not volunteering right now.......]
>
> Tina has expressed interest; I know she's busy so I have avoided
> hassling her.

Only reason I ask is that the work has been 'in progress' for a few
years.....I totally understand busy but if someone else could be
recruited to co-author that may be something to consider to help get the
writing going?!?!?  It is very important for this wg to get authors of
documents......while input from operators is critical, so is the task of
actually writing the documents.  That was the challenge in the past few
years for opsec.

- merike
