2.8.2 Site Security Handbook (ssh)

NOTE: This charter is a snapshot of the 41st IETF Meeting in Los Angeles, California. It may now be out-of-date. Last Modified: 12-Feb-98


Barbara Fraser <byf@cert.org>

User Services Area Director(s):

Joyce K. Reynolds <jkrey@isi.edu>

User Services Area Advisor:

Joyce K. Reynolds <jkrey@isi.edu>

Mailing Lists:

General Discussion:ssh@cert.org
To Subscribe: ssh-request@cert.org
Archive: ftp://info.cert.org/pub/ietf/ssh

Description of Working Group:

The Site Security Handbook Working Group is chartered to create two documents: (1) a revised handbook that will help system and network administrators develop their own site-specific policies and procedures to deal with computer security problems and their prevention and (2) a new handbook for users. The text of these documents will be developed from the existing RFC 1244, plus needed revisions and additions.

Goals and Milestones:



Meet at the San Jose IETF and (1) make a decision about which document to produce first, (2) create an SSH editorial board and (3) create a draft outline of the first document.



Prepare a final outline of the first document.



Meet at the Danvers IETF and create a rough draft of the first document.

May 95


Submit the first document as an Internet-Draft, with comment and review happening on the SSH mailing list.

Jul 95


Submit first document as an Internet-Draft.



Meet at the Stockholm IETF meeting and create an outline for the second document.

Dec 95


Submit the second draft of the first document as an Internet-Draft.

Dec 95


Meet at IETF and review the second Internet-Draft of the first document.

Feb 96


Submit a revised Internet-Draft of the first document, with review happening on the SSH list.

Mar 96


Meet at IETF and do a final review of the Internet-Draft of the first document. Develop outline for second document.

Apr 96


Submit Internet-Draft of first document to IESG for publication as Informational RFC.

May 96


Submit draft of second document to Internet-Drafts.

Jun 96


Meet at IETF to review and edit draft.

Jul 96


Submit second draft of document to Internet-Drafts.

Oct 96


Submit final version of document to Internet-Drafts.

Dec 96


Submit Internet-Draft of second document to IESG for publication as an Informational RFC.


Request For Comments:







Site Security Handbook

Current Meeting Report

Minutes of the Site Security Handbook (ssh) Working Group

Submitted by Barbara Fraser

The SSH working group met once during this IETF meeting. The purpose of the meeting was to discuss the current draft, draft-ietf-ssh-users-04.txt. The document had not evolved since the Munich IETF and the editor will be incorporating the changes recommended at the December IETF meeting:

· cleanly separate guidance for administrative users from guidance for "corporate" users. The "home alone" section will contain all special guidance to such administrative users.
· add a glossary of key terms
· incorporate definitions within body of document as reasonable.

Discussion on content of the document started with the suggestion that we include a couple of paragraphs guiding the users to report incidents and warning them that the act of investigating such reports may cause temporary changes in their working environment. During this discussion it was also mentioned that users might be more vulnerable to social engineering (e.g., requests for their passwords) during such times. This note will be added to the section discussing social engineering.

The introduction section was discussed and the group decided to remove content that had nothing to do with the reader such (e.g., the mention that this document might be useful to system administrators).

A suggestion was made to include some guidance to users on responsible use of the net. We'll point to other documents but still try to incorporate a general moral tone throughout the document regarding general good neighborliness.

There was discussion concerning the need for a very short document that would guide system administrators in the use of this document. Phil's earlier draft roadmap document will be resurrected once we've finished this document.

Current schedule for completion of the user's handbook:

· New draft by May 1
· All review completed by June 1
· Completed documented submitted for IETF last call by June 30

Barbara will work with the new User Area AD, April Marine, to decide how to progress this document. It may be that a full IETF last call may not be needed.


None Received

Attendees List

go to list