Opsec WG - 13 July 2006, IETF 66

Ross Callon and Patrick Cain, Chairs, present

George Jones  volunteered to be jabber scribe

Chris Lonvick  volunteered to take minutes



1. Agenda bashing
	None.

2. Charter review - outputs review

3. Status of Current WG Docs.
opsec-framework : probably to be INFORMATIONAL, WG Last Call will be
   requested soon.
opsec-efforts :  Looks ready; will be sent to WG last call likely next
   week.
opsec-current-practices : some reorg and still filling in content, next
   version coming in a week or two - hopefully destined to become a BCP.
   Last call shall start soon.

4. Status of new-ish WG Docs.
opsec-misc-cap : remove MUST/SHOULD/MAY, some text needs to be modified
   based upon not-so-recent email discussion (Ross to send note to WG 
   about how a document becomes BCP, what it needs to have, etc.)  It 
   was discussed that in general the capabilities documents are 
   discussing "capabilities" and not "requirements", and therefore the 
   "MUST", "SHOULD", ... language will be removed.

opsec-nmasc : author not present

zhao-opsec-routing-capabilities : will be discussed later in the agenda

cain-logging-caps : -00 This is a new document by Pat Cain (was sent to
   working group email exploder -- see July 5th email) but is not yet 
   in the Internet Drafts repository, comments welcome

5. Review of Capabilities documents in Charter - some but not all of the capabilities documents listed in the charter have been written.

6. The way forward:
- The Charter milestones have all been passed.  The ADs would like us
   to finish up (and subsequently close the WG). Regarding the 
   capabilities documents - we need to get them done, or review other 
   options.  They need to be nearly complete at the next IETF meeting. 
   Then get all docs submitted to the IESG by the IETF meeting after 
   that. The ADs have therefore stated that for each capability 
   document we need to have a nearly complete document by September 
   1st, and have the document accepted as a working group document 
   prior to the next IETF (November in San Diego), or the document will 
   be removed from the charter.
- Profiles - there are not a lot of profiles, if anyone is interested,
   please write them (or they too will be removed from the charter)

7. Available documents:
draft-zhao-opsec-routing-capabilities - Miao Fuyou
   Not addressing data packet filtering (out of scope of the document).
   Routing filtering is in scope of the document.
   Should this be a WG document?  (Ross reclused himself from this
   discussion since he is a co-author)
   How will the doc be submitted - INFORMATIONAL or BCP?

   -Ted Seely: still a bit vague, comments about SHOULD/MUST, (George
      suggested SHOULD/MUST/MAY be removed.
   -Pekka: The wording needs to be changed to "the device should be 
      capable of..." rather than "the device MUST...", sometimes "the 
      device should be able to be configured to do.."  Who is the 
      document intended for?
    Vendors so they can build it?  SPs so they can practice this.
   -mike: are these capabilities to address security, or will they 
      be used to address policy?
   -Ross: the WG cannot take on policy, just operational security

   A Hum was taken on acceptance as a WG document:
   -Pat: humm - the FOR humm was slightly louder than the ANTI humm. Since there was not a real consensus we should discuss it more on the mail list.

draft-lewis-infrastructure-security - Peter Shoenmaker
   Best practices in security network infrastructure
   Intended for operators and end customers to make the infrastructure
    more secure
   Complements BCP 38/84
   Should the document become a WG document?
   -Pat: We should make our feelings known on the mailist.
   The -01 draft will be available in the next few weeks.

   -Ross: (speaking as an individual contributor): it needs editing but
      it is valuable
   -Pekka: It's not obvious how this fits into the Charter, there are 
      some techniques that are described that might not be acceptable 
      to all, there are some very useful recommendations, but some more 
      work is needed.
   -Sandy Murphy: Pekka didn't mention his own draft that covers
      infrastructure security.
   -Ross: Pekka will discuss his draft.
   -Sandy: What is the intended use of this document?  Also, there are
      cases where the links are wireless which changes the model that 
      the document addresses.
   -Pat:  A discussion arose during the last IETF that we aren't giving 
      SPs security direction. Darren volunteered to write something up.
   -Darrell Lewis:  There shouldn't be much difference between wired 
      and wireless, or satellite, the Charter mentions that the WG 
      wants operational practices.
   -Ted Seely: The document is relevant.  If there are concerns about
      media, then narrow the scope of the document.  IP hiding is a 
      good suggestion.
   -George: Both this and Pekka's document are in line with the 
      Practices documents.
   -Dave Kessins (as AD): If it's not 100% covered in the charter, that
      shouldn't preclude it from being considered.  However, it is a 
      concern that this WG is behind on their milestones.  The 
      documents need to be done on time.

draft-savola-rtgwg-backbone-attacks-02.txt  - Pekka Savola "Backbone Infrastructure Attacks and Protections"

   Describes a view of ISP backbone network attacks
   Not clear where the home for this document is.
   Francois: IPsec implementation?

draft-savola-bcp84-urpf-experiences-01.txt - Pekka Savola "Experiences from Using Unicast RPF"

Pat: These docs don't appear to exactly fit in the Charter but they look to be useful.
We should look at them and everyone is requested to submit comments.

Pat: Should the document become a WG document?  Needs to be reviewed with the AD.

8. Meeting adjourned.