17 Jan 2006 17:45
Re: Review Comments
Merike Kaeo <merike <at> doubleshotsecurity.com>
2006-01-17 16:45:06 GMT
Comments embedded....

On Jan 17, 2006, at 2:34 AM, Hannes Tschofenig wrote:

> hi merike,
>
>
> Merike Kaeo wrote:
>> Is anyone (re)writing the framework document (which from below would
>> include the threat model and problem statement)? I have time on a
>> flight this Friday and was going to spend the time then to write this
>> up. I am somewhat backlogged and not reading things in real-time
>> this week.
>
> what exactly would you like to write?

I thought Pekka had asked for help writing the threat model / framework
document and I had offered to do one of those. If they are to be
combined into one document then do you want me to just comment or take
a stab at re-writing the text? I guess this question is to Pekka. If
I don't hear back I will simply make comments in next few days....

>
>> With the comments below....I believe that the work is not just for
>> firewalls but can also encompass distributed intrusion detection type
>> traffic (i.e. coordinating between network vs host based IDS
>> systems). Is that the intent?
> that's important for a problem statement and also for a bof. the
> information you need to configure and exchange in case of firewall
> configuration and intrusion detection is different.

So that may lead to different solution documents within this potential
working group.....

- merike

>
> ciao
> hannes
>> - merike
>> On Jan 16, 2006, at 4:04 AM, Pekka Savola wrote:
>>> Hi Hannes -- thanks for comments, hopefully this will trigger some
>>> very useful discussion.. inline,
>>>
>>> On Mon, 16 Jan 2006, Hannes Tschofenig wrote:
>>>
>>>> - incorporate the threats draft into the framework draft.
>>>> if you only focus on the above-described case then the protocol is
>>>> pretty simple and the security threats should focus on the protocol
>>>> you want to develop. you don't want to describe all the security
>>>> threats that can happen in a network.
>>>
>>> ....
>>>
>>>> - make the framework document shorter. try to make it as short as
>>>> possible.
>>>> make the long story short: "you want to configure policies at the
>>>> end host to perform firewalling functionality." that's it. we don't
>>>> need to give a tutorial about firewalls. it is a deployment choice
>>>> whether you want to use firewalls at the end host, at all network
>>>> elements or only at the edges (or as a combination of all this).
>>>> this is not relevant for the goal you try to accomplish.
>>>
>>>
>>> I think I agree with the main thrust of your comments. However, I'm
>>> not certain folks here have a clear picture on what each document
>>> should contain..
>>>
>>> You seem to think there is no need to write a problem statement
>>> and/or justify why the work is needed, just go straight to the
>>> framework (and the threat model). That justification takes a lot of
>>> space in the framework document as-is, and as it's a bit introductory
>>> (and controversial) it doesn't always generate warm feelings..
>>>
>>> However, I believe that if we don't write about it somewhere, the
>>> issue is going to come up. Do you think that text is necessary? If
>>> so, where should it be -- a separate document?
>>>
>>> The rest of the non-integral part of the framework is discussion of
>>> the attributes of that the solution would likely fulfill. That
>>> should probably go somewhere as well, though I could be convinced it
>>> doesn't need to belong to the framework document.
>>>
>>> Based on this, maybe the document structure should be something like:
>>> - draft-foo-distsec-background (how we got here, something about
>>>   the problem statement etc. if needed)
>>> - draft-foo-distsec-framework (generic and short, including threat
>>>   model discussions and problem statement)
>>> - draft-foo-distsec-solutionism (or whatever, which could include
>>>   more details of a possible solution)
>>>
>>> What's your view on where the different parts of text should go, (and
>>> if any) which should simply be thrown away?
>>>
>>> --
>>> Pekka Savola                 "You each name yourselves king, yet the
>>> Netcore Oy                    kingdom bleeds."
>>> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>>> _______________________________________________
>>> distsec mailing list
>>> distsec <at> machshav.com
>>> https://www.machshav.com/mailman/listinfo.cgi/distsec
>>>
>