Re: [OPSEC] Fwd: ID Tracker State Update Notice: <draft-ietf-opsec-protect-control-plane-06.txt>

Joel Jaeggli <joelja@bogus.com> Wed, 05 January 2011 00:11 UTC

From: Joel Jaeggli <joelja@bogus.com>
To: George Jones <fooologist@gmail.com>
Cc: "opsec@ietf.org mailing list" <opsec@ietf.org>, Warren Kumari <warren@kumari.net>

On 1/4/11 3:33 PM, George Jones wrote:
> 
> On Tue, Jan 4, 2011 at 10:22 AM, John Kristoff <jtk@cymru.com> wrote:
> 
>     On Thu, 23 Dec 2010 15:22:22 -0500
>     Warren Kumari <warren@kumari.net> wrote:
> 
>     > So, our active queue is beginning to look very sparse... I have a
>     > draft that I started writing a while ago that Chris Morrow and Danny
>     > McPherson have agreed to fix / update (poke...), does anyone have
>     > anything else that they are working on?
> 
>     I had started a port filtering draft.  A second revision has been
>     started, but we haven't spent much time on it lately.  I can endeavor
>     to get this work going again this week.
> 
>      <http://tools.ietf.org/html/draft-kristoff-opsec-port-filtering-00>
> 
> Looks like you were tackling the "what to filter and why" + gotchas.
> Noble.  Useful.
> But if the device just can't do it, not sufficient.

So another thought has to do with how port filtering is done, and
essentially this is a control plane policy exercise. If filtering a port
in an ACL is less expensive than passing a packet up to the control
plane (where it ends up being discarded because there's no listening
service), do you win?

> Again, what I had in mind was a series of docs that provide testable
> security features, possibly paired with a test methodology.
> 
> Before diving into any serious work, though, it would be worth asking
> the question, would anybody care/be positively impacted if the docs
> were finished.  Does anybody do this sort of testing?  Would they?
> Would a list in the form of RFCs help?
> 
> ----George Jones
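Joel's question above (does dropping a port in a data-plane ACL beat punting the packet to the control plane, only to discard it there?) as an added illustration; this is not code from the thread or from any OPSEC draft. The cost units, the table of listening services and the packet burst are all constructed, and the "ACL derived from what actually listens" is the policy idea the thread is discussing, modelled here as a function.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed relative cost units: the only claim modelled is that a
# hardware ACL drop is cheaper than a punt to the route processor.
ACL_DROP_COST = 1    # packet discarded in the forwarding ASIC
PUNT_COST = 50       # packet queued to the RP, processed, then discarded


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int


# Hypothetical router: the only services the control plane listens on,
# and the source networks each one is configured to talk to.
LISTENING = {
    ("tcp", 179): [ip_network("192.0.2.0/24")],     # BGP peers (TEST-NET-1)
    ("tcp", 22): [ip_network("198.51.100.0/24")],   # management SSH
}


def control_plane_accepts(pkt):
    """True only if a listening service would actually consume this packet."""
    nets = LISTENING.get((pkt.proto, pkt.dport))
    if nets is None:
        return False
    return any(ip_address(pkt.src) in n for n in nets)


def acl_permits(pkt):
    """Data-plane ACL generated from LISTENING: permit only what a service would accept."""
    return control_plane_accepts(pkt)


def simulate(packets, use_acl):
    """Return (control_plane_cost, packets_delivered_to_a_service) for a burst."""
    cost = 0
    delivered = 0
    for pkt in packets:
        if use_acl and not acl_permits(pkt):
            cost += ACL_DROP_COST      # dropped before it ever reaches the RP
            continue
        cost += PUNT_COST              # every punted packet costs the same,
        if control_plane_accepts(pkt):  # whether or not anything listens
            delivered += 1
    return cost, delivered
```

With the ACL in place the same set of packets reaches the listening services, but every packet with no listener is paid for at the ACL rate instead of the punt rate.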