Merike Kaeo | 17 Jan 17:45 2006

Re: Review Comments

Comments embedded....

On Jan 17, 2006, at 2:34 AM, Hannes Tschofenig wrote:

> hi merike,
>
>
> Merike Kaeo wrote:
>> Is anyone (re)writing the framework document (which from below would 
>> include the threat model and  problem statement)?  I have time on a 
>> flight this Friday and was going to spend the time then to write this 
>> up.  I am somewhat backlogged and not reading things in real-time 
>> this week.
>
> what exactly would you like to write?

I thought Pekka had asked for help writing the threat model / framework 
document and I had offered to do one of those.  If they are to be 
combined into one document then do you want me to just comment or take 
a stab at re-writing the text?  I guess this question is to Pekka.  If 
I don't hear back I will simply make comments in next few days....

>
>> With the comments below....I believe that the work is not just for 
>> firewalls but can also encompass distributed intrusion detection type 
>> traffic (i.e. coordinating between network vs host based IDS 
>> systems).  Is that the intent?
> that's important for a problem statement and also for a bof. the 
> information you need to configure and exchange in case of firewall 
> configuration and intrusion detection is different.

So that may lead to different solution documents within this potential 
working group.....

- merike

>
> ciao
> hannes
>> - merike
>> On Jan 16, 2006, at 4:04 AM, Pekka Savola wrote:
>>> Hi Hannes -- thanks for comments, hopefully this will trigger some
>>> very useful discussion.. inline,
>>>
>>> On Mon, 16 Jan 2006, Hannes Tschofenig wrote:
>>>
>>>> - incorporate the threats draft into the framework draft.
>>>> if you only focus on the above-described case then the protocol is
>>>> pretty simple and the security threats should focus on the protocol 
>>>> you
>>>> want to develop. you don't want to describe all the security threats
>>>> that can happen in a network.
>>>
>>> ....
>>>
>>>> - make the framework document shorter. try to make it as short as 
>>>> possible.
>>>> make the long story short: "you want to configure policies at the 
>>>> end
>>>> host to perform firewalling functionality." that's it. we don't 
>>>> need to
>>>> give a tutorial about firewalls. it is a deployment choice whether 
>>>> you
>>>> want to use firewalls at the end host, at all network elements or 
>>>> only
>>>> at the edges (or as a combination of all this). this is not 
>>>> relevant for
>>>> the goal you try to accomplish.
>>>
>>>
>>> I think I agree with the main thrust of your comments.  However, I'm
>>> not certain folks here have a clear picture on what each document
>>> should contain..
>>>
>>> You seem to think there is no need to write a problem statement 
>>> and/or
>>> justify why the work is needed, just go straight to the framework 
>>> (and
>>> the threat model).  That justification takes a lot of space in the
>>> framework document as-is, and as it's a bit introductory (and
>>> controversial) it doesn't always generate warm feelings..
>>>
>>> However, I believe that if we don't write about it somewhere, the
>>> issue is going to come up.  Do you think that text is necessary?  If
>>> so, where should it be -- a separate document?
>>>
>>> The rest of the non-integral part of the framework is discussion of
>>> the attributes of that the solution would likely fulfill.  That 
>>> should
>>> probably go somewhere as well, though I could be convinced it doesn't
>>> need to belong to the framework document.
>>>
>>> Based on this, maybe the document structure should be something like:
>>>   - draft-foo-distsec-background (how we got here, something about 
>>> the
>>> problem statement etc. if needed)
>>>   - draft-foo-distsec-framework (generic and short, including threat 
>>> model
>>> discussions and problem statement)
>>>   - draft-foo-distsec-solutionism (or whatever, which could include 
>>> more details
>>> of a possible solution)
>>>
>>> What's your view on where the different parts of text should go, (and
>>> if any) which should simply be thrown away?
>>>
>>> -- 
>>> Pekka Savola                 "You each name yourselves king, yet the
>>> Netcore Oy                    kingdom bleeds."
>>> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>>> _______________________________________________
>>> distsec mailing list
>>> distsec <at> machshav.com
>>> https://www.machshav.com/mailman/listinfo.cgi/distsec
>>>
>

Gmane