Re: Last Call: draft-jones-opsec "Operational Security Requirements for IP Network Infrastructure
George M Jones <gmjones@mitre.org> Tue, 27 January 2004 01:03 UTC
Received: from optimus.ietf.org ([132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA27211 for <routing-discussion-archive@lists.ietf.org>; Mon, 26 Jan 2004 20:03:37 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AlHce-0001JA-0i; Mon, 26 Jan 2004 20:02:32 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Al5HW-0005PR-RB for routing-discussion@optimus.ietf.org; Mon, 26 Jan 2004 06:51:54 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA03444 for <routing-discussion@ietf.org>; Mon, 26 Jan 2004 06:51:50 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Al5HS-0002Av-00 for routing-discussion@ietf.org; Mon, 26 Jan 2004 06:51:50 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Al5GU-00029N-00 for routing-discussion@ietf.org; Mon, 26 Jan 2004 06:50:51 -0500
Received: from smtp-bedford-x.mitre.org ([192.160.51.76] helo=smtp-bedford.mitre.org) by ietf-mx with esmtp (Exim 4.12) id 1Al5GQ-000286-00 for routing-discussion@ietf.org; Mon, 26 Jan 2004 06:50:46 -0500
Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (8.11.6/8.11.6) with ESMTP id i0QBoe923392 for <routing-discussion@ietf.org>; Mon, 26 Jan 2004 06:50:40 -0500
Received: from MAILHUB1 (mailhub1.mitre.org [129.83.20.31]) by smtp-bedford.mitre.org (8.11.6/8.11.6) with ESMTP id i0QBobK23355; Mon, 26 Jan 2004 06:50:37 -0500
Received: from mm110847-2k.mitre.org (128.29.245.3) by mailhub1.mitre.org with SMTP id 5736962; Mon, 26 Jan 2004 06:50:36 -0500
Subject: Re: Last Call: draft-jones-opsec "Operational Security Requirements for IP Network Infrastructure
From: George M Jones <gmjones@mitre.org>
To: David Meyer <dmm@1-4-5.net>
Cc: routing-discussion@ietf.org
In-Reply-To: <20040123174343.GA17496@1-4-5.net>
References: <1074875091.3052.104.camel@mm110847-2k.mitre.org> <20040123174343.GA17496@1-4-5.net>
Content-Type: text/plain
Message-Id: <1075117784.2914.33.camel@mm110847-2k.mitre.org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5)
Date: Mon, 26 Jan 2004 06:49:45 -0500
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.1 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Sender: routing-discussion-admin@ietf.org
Errors-To: routing-discussion-admin@ietf.org
X-BeenThere: routing-discussion@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/routing-discussion>, <mailto:routing-discussion-request@ietf.org?subject=unsubscribe>
List-Id: Routing Area General mailing list <routing-discussion.ietf.org>
List-Post: <mailto:routing-discussion@ietf.org>
List-Help: <mailto:routing-discussion-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/routing-discussion>, <mailto:routing-discussion-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
On Fri, 2004-01-23 at 12:43, David Meyer wrote: > >> > >> An earlier draft had a requirement for saving complete configuration > >> info, > >> including "hidden" and default values (e.g. if finger is enabled in > >> one release, but disabled in subsequent releases, the config should show > >> the settings even if they are set to the current default). I was > >> told this was impractical so it was removed. > > This turns out to be a major pain though, and it would be > "nice" if it would be possible. Seems like a reasonable candidate for reinstatement as a SHOULD. If there are business issues (support nightmare ?) or technical reasons it can't be done, that will leave wiggle-room while. It's on the to-do list, pending IESG feedback/action. > > >> > 2.6.1 Support Rate Limiting > >> > > >> > @@@ I would imagine one would want a mechanism along the lines > >> > @@@ of GTSM here, so that you could protect the limited resource > >> > @@@ (whatever it may be) between the physical interface and the > >> > @@@ processor performing the management function(s). i.e., > >> rate-limiting > >> > @@@ may not be enough to stop an attacker who has deduced where > >> > @@@ the resource limitation (potential DoS) exists. > >> > >> The -00 draft included GTSM, but as it was not standardized, it was > >> moved > >> to the -info draft. See > > Will be RFC 3682 any day now. Excellent. I still think I'm not going to list it here. Earlier drafts (dating back to the pre-IETF versions) had a req that was essentialy RFC2644. That was dropped after it became an IETF draft because other docs in the same space covered it. Same thing will go for GTSM. > > >> > 2.9.1 Ability to Accurately Count Filter Hits > >> > > >> > @@@ s/Accurately// > >> > @@@ i.e., as opposed to inaccurately count, I suppose > >> > >> Yes. The adverb was placed there deliberately as a result of > >> experience using filter counters that were not accurate. > > But isn't this like saying: No bugs in clocks? > > >> > 2.9.6 Filter Counters Must Be Accurate > >> > > >> > @@@ Again, as opposed to "inaccurate" filter counts? > >> > >> Yes. > > Again, who purposely builds inaccurate clocks for this > application (maybe someone does)? Wouldn't it (the > inaccurate counter) be a bug? i.e., isn't the requirement > just saying no bugs in the filter counters? 1 + 1 = 2. But there are major products out there that get it wrong (in the case of accurate filter counts). This needs to be said. > >> > @@@ also, it should be possible to log to a local device (say > >> > @@@ the console) > >> > >> This req had that sort of logging in view, as well as the possibility > >> of logging to local disk Let me know if there is wording that could > >> make it more clear > >> > >> > without hanging the box. > >> > >> What ? You want boxes to not crash ? Picky, picky :-) > > well, you know... Again, let me know if there is wording that you think would make this (need to log to the console) more explcit. > >> > 2.11.7 Logs Must Be Timestamped > >> > > >> > Requirement. The device MUST time-stamp all log messages. The > >> > time-stamp MUST be accurate to within a second or less. The > >> > time-stamp MUST include a timezone. > >> > > >> > @@@ and maybe it should be possible to turn timestamping off? > >> > >> Why ? > > Because I'm an operator and I have some (arbitrary) > reason want to, and a vendor wants to give it to me. That > shouldn't violate the BCP. In any event, that was my > thinking. Better ? By default, the device MUST time-stamp all log messages. The time-stamp MUST be accurate to within a second or less. The time-stamp MUST include a timezone. There MAY be a mechanism to disable the generation of timestamps. Thanks, ---George Jones _______________________________________________ routing-discussion mailing list routing-discussion@ietf.org https://www1.ietf.org/mailman/listinfo/routing-discussion
- Re: Last Call: draft-jones-opsec "Operational Sec… George M Jones
- Re: Last Call: draft-jones-opsec "Operational Sec… David Meyer
- Re: Last Call: draft-jones-opsec "Operational Sec… George M Jones
- Re: Last Call: draft-jones-opsec "Operational Sec… David Meyer