Re: Last Call: draft-jones-opsec "Operational Security Requirements for IP Network Infrastructure
David Meyer <dmm@1-4-5.net> Tue, 27 January 2004 23:59 UTC
Received: from optimus.ietf.org ([132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA01177 for <routing-discussion-archive@lists.ietf.org>; Tue, 27 Jan 2004 18:59:00 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ald58-0005M7-Ko; Tue, 27 Jan 2004 18:57:22 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Al8lU-0006fp-Dv for routing-discussion@optimus.ietf.org; Mon, 26 Jan 2004 10:35:04 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA09790 for <routing-discussion@ietf.org>; Mon, 26 Jan 2004 10:35:01 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Al8lR-0003M0-00 for routing-discussion@ietf.org; Mon, 26 Jan 2004 10:35:01 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Al8kV-0003KE-00 for routing-discussion@ietf.org; Mon, 26 Jan 2004 10:34:04 -0500
Received: from m106.maoz.com ([205.167.76.9]) by ietf-mx with esmtp (Exim 4.12) id 1Al8jd-0003Fl-00 for routing-discussion@ietf.org; Mon, 26 Jan 2004 10:33:09 -0500
Received: from m106.maoz.com (localhost.localdomain [127.0.0.1]) by m106.maoz.com (8.12.10/8.12.10) with ESMTP id i0QFWZ3K017852; Mon, 26 Jan 2004 07:32:35 -0800
Received: (from dmm@localhost) by m106.maoz.com (8.12.10/8.12.10/Submit) id i0QFWYmY017851; Mon, 26 Jan 2004 07:32:34 -0800
X-Authentication-Warning: m106.maoz.com: dmm set sender to dmm@1-4-5.net using -f
Date: Mon, 26 Jan 2004 07:32:34 -0800
From: David Meyer <dmm@1-4-5.net>
To: George M Jones <gmjones@mitre.org>
Cc: routing-discussion@ietf.org
Subject: Re: Last Call: draft-jones-opsec "Operational Security Requirements for IP Network Infrastructure
Message-ID: <20040126153234.GA17832@1-4-5.net>
References: <1074875091.3052.104.camel@mm110847-2k.mitre.org> <20040123174343.GA17496@1-4-5.net> <1075117784.2914.33.camel@mm110847-2k.mitre.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1075117784.2914.33.camel@mm110847-2k.mitre.org>
User-Agent: Mutt/1.4.1i
X-public-key: http://www.1-4-5.net/~dmm/public-key.asc
X-philosophy: "I just had to let it go" -- John Lennon
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60
Sender: routing-discussion-admin@ietf.org
Errors-To: routing-discussion-admin@ietf.org
X-BeenThere: routing-discussion@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/routing-discussion>, <mailto:routing-discussion-request@ietf.org?subject=unsubscribe>
List-Id: Routing Area General mailing list <routing-discussion.ietf.org>
List-Post: <mailto:routing-discussion@ietf.org>
List-Help: <mailto:routing-discussion-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/routing-discussion>, <mailto:routing-discussion-request@ietf.org?subject=subscribe>
On Mon, Jan 26, 2004 at 06:49:45AM -0500, George M Jones wrote: >> On Fri, 2004-01-23 at 12:43, David Meyer wrote: >> >> > >> >> > >> An earlier draft had a requirement for saving complete configuration >> > >> info, >> > >> including "hidden" and default values (e.g. if finger is enabled in >> > >> one release, but disabled in subsequent releases, the config should show >> > >> the settings even if they are set to the current default). I was >> > >> told this was impractical so it was removed. >> > >> > This turns out to be a major pain though, and it would be >> > "nice" if it would be possible. >> >> Seems like a reasonable candidate for reinstatement as a SHOULD. If >> there are business issues (support nightmare ?) or technical reasons it >> can't be done, that will leave wiggle-room while. It's on the to-do >> list, pending IESG feedback/action. Fine. >> > >> > 2.6.1 Support Rate Limiting >> > >> > >> > >> > @@@ I would imagine one would want a mechanism along the lines >> > >> > @@@ of GTSM here, so that you could protect the limited resource >> > >> > @@@ (whatever it may be) between the physical interface and the >> > >> > @@@ processor performing the management function(s). i.e., >> > >> rate-limiting >> > >> > @@@ may not be enough to stop an attacker who has deduced where >> > >> > @@@ the resource limitation (potential DoS) exists. >> > >> >> > >> The -00 draft included GTSM, but as it was not standardized, it was >> > >> moved >> > >> to the -info draft. See >> > >> > Will be RFC 3682 any day now. >> >> >> Excellent. >> >> I still think I'm not going to list it here. Earlier drafts (dating >> back to the pre-IETF versions) had a req that was essentialy RFC2644. >> That was dropped after it became an IETF draft because other docs in >> the same space covered it. Same thing will go for GTSM. Ok. >> > >> > 2.9.1 Ability to Accurately Count Filter Hits >> > >> > >> > >> > @@@ s/Accurately// >> > >> > @@@ i.e., as opposed to inaccurately count, I suppose >> > >> >> > >> Yes. The adverb was placed there deliberately as a result of >> > >> experience using filter counters that were not accurate. >> > >> > But isn't this like saying: No bugs in clocks? >> > >> > >> > 2.9.6 Filter Counters Must Be Accurate >> > >> > >> > >> > @@@ Again, as opposed to "inaccurate" filter counts? >> > >> >> > >> Yes. >> > >> > Again, who purposely builds inaccurate clocks for this >> > application (maybe someone does)? Wouldn't it (the >> > inaccurate counter) be a bug? i.e., isn't the requirement >> > just saying no bugs in the filter counters? >> >> >> 1 + 1 = 2. But there are major products out there that get it >> wrong (in the case of accurate filter counts). This needs to be said. Ok. >> > >> > @@@ also, it should be possible to log to a local device (say >> > >> > @@@ the console) >> > >> >> > >> This req had that sort of logging in view, as well as the possibility >> > >> of logging to local disk Let me know if there is wording that could >> > >> make it more clear >> > >> >> > >> > without hanging the box. >> > >> >> > >> What ? You want boxes to not crash ? Picky, picky :-) >> > >> > well, you know... >> >> Again, let me know if there is wording that you think would make this >> (need to log to the console) more explcit. >> >> >> >> > >> > 2.11.7 Logs Must Be Timestamped >> > >> > >> > >> > Requirement. The device MUST time-stamp all log messages. The >> > >> > time-stamp MUST be accurate to within a second or less. The >> > >> > time-stamp MUST include a timezone. >> > >> > >> > >> > @@@ and maybe it should be possible to turn timestamping off? >> > >> >> > >> Why ? >> > >> > Because I'm an operator and I have some (arbitrary) >> > reason want to, and a vendor wants to give it to me. That >> > shouldn't violate the BCP. In any event, that was my >> > thinking. >> >> Better ? >> >> By default, the device MUST time-stamp all log messages. The >> time-stamp MUST be accurate to within a second or less. The >> time-stamp MUST include a timezone. There MAY be a mechanism >> to disable the generation of timestamps. Sure. Thanks, Dave _______________________________________________ routing-discussion mailing list routing-discussion@ietf.org https://www1.ietf.org/mailman/listinfo/routing-discussion
- Re: Last Call: draft-jones-opsec "Operational Sec… George M Jones
- Re: Last Call: draft-jones-opsec "Operational Sec… David Meyer
- Re: Last Call: draft-jones-opsec "Operational Sec… George M Jones
- Re: Last Call: draft-jones-opsec "Operational Sec… David Meyer