Operational Security Requirements BOF (opsec) Thursday, July 17 at 1300-1500 =============================== CHAIR: George M. Jones AGENDA: * Welcome and discussion of agenda (Jones, 10 min) * History and Current Status (Jones, 10 min) * Goals (Jones, 10 minutes) * Related Work/Relationships (Jones, et al., 10 min) * Overview of draft (Jones, 30 minutes) * Discuss Contents of the draft (all, 30 minutes) * Define Next Steps, Work Areas, Milestones (Jones, et al., 10 minutes) * Adjourn Mailing Lists: General Discussion: opsec@ops.ietf.org To Subscribe: majordomo@ops.ietf.org, "subscribe opsec" in body. Archive: http://ops.ietf.org/lists/opsec/ Purpose: The primary purposes of this BOF are to 1. Discuss the draft 2. To determine appropriate next steps. From the draft: This document defines a list of security requirements for devices that implement the Internet Protocol (IP). These requirements apply to devices that makeup the network core infrastructure (such as routers and switches) as well other devices that implement IP (e.g., cable modems, personal firewalls,hosts). A framework is defined for specifying "profiles", which are collections of devices applicable to certain classes of devices. The goal is to provide consumers of network equipment a clear, concise way of communicating their security requirements to vendors of such equipment. Current Status: The initial draft has been published. Comments are being solicited, both online and via a BOF. The intent is to go through one to three rounds as an Internet Draft and then re-evaluate the proper course of action. Some possibilities include: * Proceed towards a single individual submission informational RFC * Split into several drafts (BCP vs. non-BCP, functional vs. assurance, etc.) * Collaborate with ANSI on updates to T1.276-200x * Form a working group Some of the work that needs to get done includes: * Breaking down compound requirements (global) * Creating "profiles" of requirements appropriate to different classes of devices (Edge, Core, Wireless, SOHO...) Background Information: See http://www.port111.com/opsec/ for the latest rev, a list of meta issues, to-dos, etc.