NOTE: This charter is a snapshot of the 40th IETF Meeting in Washington, DC. It may now be out-of-date. Last Modified: 27-Oct-97
Chair(s):
Barbara Fraser <byf@cert.org>
User Services Area Director(s):
Joyce K. Reynolds <jkrey@isi.edu>
User Services Area Advisor:
Joyce K. Reynolds <jkrey@isi.edu>
Mailing Lists:
General Discussion:ssh@cert.org
To Subscribe: ssh-request@cert.org
Archive: ftp://info.cert.org/pub/ietf/ssh
Description of Working Group:
The Site Security Handbook Working Group is chartered to create two documents: (1) a revised handbook that will help system and network administrators develop their own site-specific policies and procedures to deal with computer security problems and their prevention and (2) a new handbook for users. The text of these documents will be developed from the existing RFC 1244, plus needed revisions and additions.
Goals and Milestones:
Done |
|
Meet at the San Jose IETF and (1) make a decision about which document to produce first, (2) create an SSH editorial board and (3) create a draft outline of the first document. |
Done |
|
Prepare a final outline of the first document. |
Done |
|
Meet at the Danvers IETF and create a rough draft of the first document. |
May 95 |
|
Submit the first document as an Internet-Draft, with comment and review happening on the SSH mailing list. |
Jul 95 |
|
Submit first document as an Internet-Draft. |
Done |
|
Meet at the Stockholm IETF meeting and create an outline for the second document. |
Dec 95 |
|
Submit the second draft of the first document as an Internet-Draft. |
Dec 95 |
|
Meet at IETF and review the second Internet-Draft of the first document. |
Feb 96 |
|
Submit a revised Internet-Draft of the first document, with review happening on the SSH list. |
Mar 96 |
|
Meet at IETF and do a final review of the Internet-Draft of the first document. Develop outline for second document. |
Apr 96 |
|
Submit Internet-Draft of first document to IESG for publication as Informational RFC. |
May 96 |
|
Submit draft of second document to Internet-Drafts. |
Jun 96 |
|
Meet at IETF to review and edit draft. |
Jul 96 |
|
Syvmit second draft of document to Internet-Drafts. |
Oct 96 |
|
Submit final version of document to Internet-Drafts. |
Dec 96 |
|
Submit Internet-Draft of second document to IESG for publication as an Informational RFC. |
Internet-Drafts:
· Users' Security Handbook
Request For Comments:
RFC |
Status |
Title |
RFC2196 |
PS |
Site Security Handbook |
Minutes of the Site Security Handbook (SSH) Working Group
Reported by Gary Malkin/Bay Networks
Status Update
Chairpersons: Barbara Frasier / CERT
Mailing List: ssh@cert.org
To subscribe: ssh-request@cert.org
Archives: ftp://info.cert.org/pub/ietf/ssh
Date of meeting: Washington, D.C. IETF / December 9, 1997
Progress:
The group met in a short (one hour) time slot. We accomplished all of the goals set forth in the Agenda for the meeting; specifically, we reviewed draft-ietf-ssh-users-03.txt, and decided that the group would do no additional documents.
Agenda
I. Discuss current user security handbook draft
II. Discuss other documents
III. Update goals and milestones
Two issues were raised concerning the USH document:
1. How do we best handle the difference between users who have administrative authority over their system(s) and those who don't?
2. The level of the doc stated audience.
I. Discussed Draft 03
External review indicated that the doc is to detailed/complex/specific for the stated audiance. Solution - Internet security primer.
3-section primer: basics, threats, counter-measures
Why have primer? What type of security? Do we need another doc or just another section in USH?
Move self-admin to end (Home Alone), and put in indented sections for novice explanations (or introduction or glossary).
Get first cut of revised draft by end of Jan and second draft prior to LA IETF.
II. Other Docs
End SSH WG with USH doc
III. Actions
· Fold in terms and concepts into USH
· Create glossary for end of doc
· Move all admin-user content to home alone
· Draft by beginning of February
None Received