Operational Security Capabilities for IP Network Infrastructure
charter-ietf-opsec-05

WG review announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: opsec WG <opsec@ietf.org> 
Subject: WG Review: Operational Security Capabilities for IP Network Infrastructure (opsec)

The Operational Security Capabilities for IP Network Infrastructure
(opsec) working group in the Operations and Management Area of the IETF
is undergoing rechartering. The IESG has not made any determination yet.
The following draft charter was submitted, and is provided for
informational purposes only. Please send your comments to the IESG
mailing list (iesg at ietf.org) by 2013-10-22.

Operational Security Capabilities for IP Network Infrastructure (opsec)
------------------------------------------------
Current Status: Active WG

Chairs:
  Warren Kumari <warren@kumari.net>
  Gunter Van de Velde <gvandeve@cisco.com>
  KK Chittimaneni <kk@google.com>

Assigned Area Director:
  Joel Jaeggli <joelja@bogus.com>

Mailing list
  Address: opsec@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/opsec
  Archive: http://www.ietf.org/mail-archive/web/opsec/

Charter:

Goals:

The OPSEC WG will document operational issues and best current practices 
with regard to network security.In particular, the working group will
clarify the rationale of supporting current operational practice, 
addressing gaps in currently understood best practices, and clarifying 
liabilities inherent in security practices where they exist.
  
Scope:

The scope of the OPSEC WG includes the protection and secure  operation
of the forwarding, control and management planes. Documentation of 
operational issues, revision of existing operational security practices 
documents and proposals for new approaches to operational challenges
related to network security are in scope.

Method:

The work will result in the publication of informational or BCP RFCs. 
Taxonomy or problem statement  documents may provide a basis for such
documents.

Informational or Best Current Practices Documents

For each topic addressed, the working group will produce a document that
captures common practices related to secure network operation.  will be
produced. This will be primarily based on operational experience. A
document might convey:

* a threat or threats to be addressed

* current practices for addressing the threat

* protocols, tools and technologies extant at the time of writing that
are used to address the threat

* the possibility that a solution does not exist within existing tools or technologies

Taxonomy and Problem Statement Documents

These are documents that describe the scope of particular operational
security challenges or problem spaces without necessarily coming to
conclusions or proposing solutions. Such a document might be the 
precusor to an informational or best current practices document.

While the principal input of the working group is operational experience
and needs, the output should be directed towards providing guidance to 
the operators community,  other working groups that develop protocols or 
the protocol development community.  

Non-Goals:

The OPSEC WG is will not write or modify protocols. New protocol work
must be addressed through a working group chartered for that work, or 
via one of the individual submission processes. The OPSEC WG may take on
documents related to the practices of using such work.
 


Milestones:
  Done     - Complete Charter
  Done     - First draft of Framework Document as Internet Draft
  Done     - First draft of Standards Survey Document as Internet Draft
  Done     - First draft of Packet Filtering Capabilities
  Done     - First draft of Event Logging Capabilities
  Done     - First draft of Network Operator Current Security Practices
  Done     - First draft of In-Band management capabilities
  Done     - First draft of Out-of-Band management capabilities
  Done     - First draft of Configuration and Management Interface
Capabilities
  Done     - Submit Network Operator Current Security Practices to IESG
  Dec 2012 - WG Adoption of 'BGP operations and security' document
  Dec 2012 - WG Adoption of 'Network Reconnaissance in IPv6 Networks'
document
  Dec 2012 - WG Adoption of 'DHCPv6-Shield: Protecting Against Rogue
DHCPv6 Servers' document
  Dec 2012 - WG Adoption of 'Virtual Private Network (VPN) traffic
leakages in dual-stack hosts/networks' document
  Jan 2013 - WG Last Call for 'Operational Security Considerations for
IPv6 Networks' document
  Jan 2013 - WG Last Call for 'Recommendations for filtering ICMP
messages' document
  Jan 2013 - WG Last Call for 'Recommendations on filtering of IPv4
packets containing IPv4 options' document
  Jan 2013 - WG Last Call for 'Security Implications of IPv6 on IPv4
networks' document
  Mar 2013 - WG Last Call for 'Using Only Link-Local Addressing Inside an
IPv6 Network' document
  Mar 2013 - Submit 'Recommendations for filtering ICMP messages'
document to IESG
  Mar 2013 - Submit 'Recommendations on filtering of IPv4 packets
containing IPv4 options' document to IESG
  Mar 2013 - Submit 'Operational Security Considerations for IPv6
Networks' document to IESG
  Mar 2013 - Submit 'Recommendations for filtering ICMP messages'
document to IESG
  May 2013 - Submit 'Using Only Link-Local Addressing Inside an IPv6
Network' document to IESG
  Jul 2013 - WG Last Call for 'BGP operations and security' document
  Jul 2013 - WG Last Call for 'Network Reconnaissance in IPv6 Networks'
document
  Jul 2013 - WG Last Call for 'DHCPv6-Shield: Protecting Against Rogue
DHCPv6 Servers' document
  Jul 2013 - WG Last Call for 'Virtual Private Network (VPN) traffic
leakages in dual-stack hosts/networks' document
  Sep 2013 - Submit 'BGP operations and security' document to IESG
  Sep 2013 - Submit 'Network Reconnaissance in IPv6 Networks' document to
IESG
  Sep 2013 - Submit 'DHCPv6-Shield: Protecting Against Rogue DHCPv6
Servers' document to IESG


WG action announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: opsec WG <opsec@ietf.org> 
Subject: WG Action: Rechartered Operational Security Capabilities for IP Network Infrastructure (opsec)

The Operational Security Capabilities for IP Network Infrastructure
(opsec) working group in the Operations and Management Area of the IETF
has been rechartered. For additional information please contact the Area
Directors or the WG Chairs.

Operational Security Capabilities for IP Network Infrastructure (opsec)
------------------------------------------------
Current Status: Active WG

Chairs:
  Warren Kumari <warren@kumari.net>
  Gunter Van de Velde <gvandeve@cisco.com>
  KK Chittimaneni <kk@google.com>

Assigned Area Director:
  Joel Jaeggli <joelja@bogus.com>

Mailing list
  Address: opsec@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/opsec
  Archive: http://www.ietf.org/mail-archive/web/opsec/

Charter:

Goals:

The OPSEC WG will document operational issues and best current practices 
with regard to network security. In particular, the working group will 
clarify the rationale of supporting current operational practice, 
addressing gaps in currently understood best practices and clarifying 
liabilities inherent in security practices where they exist.

Scope:

The scope of the OPSEC WG includes the protection and secure operation 
of the forwarding, control and management planes. Documentation of 
operational issues, revision of existing operational security practices 
documents and proposals for new approaches to operational challenges 
related to network security are in scope.

Method:

The work will result in the publication of informational or BCP RFCs. 
Taxonomy or problem statement documents may provide a basis for such 
documents.

Informational or Best Current Practices Documents

For each topic addressed, the working group will produce a document that
captures common practices related to secure network operation. This will 
be primarily based on operational experience. A document might convey:

* a threat or threats to be addressed

* current practices for addressing the threat

* protocols, tools and technologies extant at the time of writing that 
are used to address the threat

* the possibility that a solution does not exist within existing tools 
or technologies

Taxonomy and Problem Statement Documents

These are documents that describe the scope of particular operational 
security challenges or problem spaces without necessarily coming to 
conclusions or proposing solutions. Such a document might be the 
precursor to an informational or best current practices document.

While the principal input of the working group is operational experience 
and needs, the output should be directed towards providing guidance to 
the operators community, other working groups that develop protocols or 
the protocol development community.

Non-Goals:

The OPSEC WG is will not write or modify protocols. New protocol work 
must be addressed through a working group chartered for that work, or 
via one of the individual submission processes. The OPSEC WG may take on 
documents related to the practices of using such work.

Milestones:
  Done     - Complete Charter
  Done     - First draft of Framework Document as Internet Draft
  Done     - First draft of Standards Survey Document as Internet Draft
  Done     - First draft of Packet Filtering Capabilities
  Done     - First draft of Event Logging Capabilities
  Done     - First draft of Network Operator Current Security Practices
  Done     - First draft of In-Band management capabilities
  Done     - First draft of Out-of-Band management capabilities
  Done     - First draft of Configuration and Management Interface
Capabilities
  Done     - Submit Network Operator Current Security Practices to IESG
  Dec 2012 - WG Adoption of 'BGP operations and security' document
  Dec 2012 - WG Adoption of 'Network Reconnaissance in IPv6 Networks'
document
  Dec 2012 - WG Adoption of 'DHCPv6-Shield: Protecting Against Rogue
DHCPv6 Servers' document
  Dec 2012 - WG Adoption of 'Virtual Private Network (VPN) traffic
leakages in dual-stack hosts/networks' document
  Jan 2013 - WG Last Call for 'Operational Security Considerations for
IPv6 Networks' document
  Jan 2013 - WG Last Call for 'Recommendations for filtering ICMP
messages' document
  Jan 2013 - WG Last Call for 'Recommendations on filtering of IPv4
packets containing IPv4 options' document
  Jan 2013 - WG Last Call for 'Security Implications of IPv6 on IPv4
networks' document
  Mar 2013 - WG Last Call for 'Using Only Link-Local Addressing Inside an
IPv6 Network' document
  Mar 2013 - Submit 'Recommendations for filtering ICMP messages'
document to IESG
  Mar 2013 - Submit 'Recommendations on filtering of IPv4 packets
containing IPv4 options' document to IESG
  Mar 2013 - Submit 'Operational Security Considerations for IPv6
Networks' document to IESG
  Mar 2013 - Submit 'Recommendations for filtering ICMP messages'
document to IESG
  May 2013 - Submit 'Using Only Link-Local Addressing Inside an IPv6
Network' document to IESG
  Jul 2013 - WG Last Call for 'BGP operations and security' document
  Jul 2013 - WG Last Call for 'Network Reconnaissance in IPv6 Networks'
document
  Jul 2013 - WG Last Call for 'DHCPv6-Shield: Protecting Against Rogue
DHCPv6 Servers' document
  Jul 2013 - WG Last Call for 'Virtual Private Network (VPN) traffic
leakages in dual-stack hosts/networks' document
  Sep 2013 - Submit 'BGP operations and security' document to IESG
  Sep 2013 - Submit 'Network Reconnaissance in IPv6 Networks' document to
IESG
  Sep 2013 - Submit 'DHCPv6-Shield: Protecting Against Rogue DHCPv6
Servers' document to IESG


Ballot announcement

Technical Summary

   Relevant content can frequently be found in the abstract
   and/or introduction of the document.  If not, this may be 
   an indication that there are deficiencies in the abstract
   or introduction.

Working Group Summary

   Was there anything in the WG process that is worth noting?
   For example, was there controversy about particular points 
   or were there decisions where the consensus was
   particularly rough? 

Document Quality

   Are there existing implementations of the protocol?  Have a 
   significant number of vendors indicated their plan to
   implement the specification?  Are there any reviewers that
   merit special mention as having done a thorough review,
   e.g., one that resulted in important changes or a
   conclusion that the document had no substantive issues?  If
   there was a MIB Doctor, Media Type, or other Expert Review,
   what was its course (briefly)?  In the case of a Media Type
   Review, on what date was the request posted?

Personnel

   Who is the Document Shepherd for this document?  Who is the 
   Responsible Area Director?  If the document requires IANA
   experts(s), insert 'The IANA Expert(s) for the registries
   in this document are <TO BE ADDED BY THE AD>.'

RFC Editor Note

  (Insert RFC Editor Note here or remove section)

IRTF Note

  (Insert IRTF Note here or remove section)

IESG Note

  (Insert IESG Note here or remove section)

IANA Note

  (Insert IANA Note here or remove section)