[BCOP] BCOP Draft-2: open for comments

Carmen Denis Polanco carmen.denis at correo.uady.mx
Tue Jun 19 12:06:12 BRT 2018 

Hi Christian, Lucimara and Jordi,


>Regarding your 2nd suggestion, I’m not sure how to address that … do you have any idea as starting point? May be is something so simple as “if the CPE can’t be updated to accommodate the requirements in this document, then it must be replaced” ?


About this, I think it can be include the end of executive summary:


The following is a simple guide to recommendations for detecting and replacing obsolete CPEs:

If the CPE does not have hardware or software support from the manufacturer or supplier, it must be replaced.

If the CPE has more than 5 (five) years of life, it must be replaced.

If the CPE can not be updated to meet the requirements of this document, it must be replaced.




Regards.


Carmen



________________________________
De: BCOP <bcop-bounces at lacnog.org> en nombre de JORDI PALET MARTINEZ <jordi.palet at consulintel.es>
Enviado: martes, 19 de junio de 2018 03:41 a. m.
Para: This list is to discuss BCOPs in LACNOG
Asunto: Re: [BCOP] BCOP Draft-2: open for comments


Hi Christian,



I know there is a generic “update” feature set in the MR section, but it is too generic.



As said before. IPv6 must be there altogether with IPv4-in-IPv6 support. Not having that is a security risk, as well as cheating customers, because you’re providing a CPE which is no longer valid *already today*.



I think we need to have a strong wording on that in every BCOP we do. Otherwise message is only read if you specifically read the BCOP on CPEs, etc.



Regarding your 2nd suggestion, I’m not sure how to address that … do you have any idea as starting point? May be is something so simple as “if the CPE can’t be updated to accommodate the requirements in this document, then it must be replaced” ?

Regards,

Jordi







De: BCOP <bcop-bounces at lacnog.org> en nombre de Christian O'Flaherty <oflaherty at isoc.org>
Responder a: This list is to discuss BCOPs in LACNOG <bcop at lacnog.org>
Fecha: lunes, 18 de junio de 2018, 21:55
Para: This list is to discuss BCOPs in LACNOG <bcop at lacnog.org>
Asunto: Re: [BCOP] BCOP Draft-2: open for comments







GR-03: The CPE MUST support IPv6 following RFC7084 and transition mechanisms (draft-ietf-v6ops-transition-ipv4aas), in order to avoid the risk of a premature obsolescence.





We have to find the appropriate wording to reference relevant documents avoiding normative language on topics outside security.



The "risk of a premature obsolescence” Is addressed in section: "Update and Management Requirements (MR)"



BTW, should we include a section with recommendations for detecting and replacing obsolete CPEs?



Christian











The mention to draft-ietf-v6ops-transition-ipv4aas will be sufficient once it is an RFC, because it already has a MUST for RFC7084.









I think it makes a lot of sense.





Regards,





Jordi



















De: BCOP <bcop-bounces at lacnog.org<mailto:bcop-bounces at lacnog.org>> en nombre de Jan Zorz <zorz at isoc.org<mailto:zorz at isoc.org>>
Responder a: This list is to discuss BCOPs in LACNOG <bcop at lacnog.org<mailto:bcop at lacnog.org>>
Fecha: sábado, 16 de junio de 2018, 15:59
Para: "bcop at lacnog.org<mailto:bcop at lacnog.org>" <bcop at lacnog.org<mailto:bcop at lacnog.org>>
Asunto: Re: [BCOP] BCOP Draft-2: open for comments







He he, should we declare absence of IPv6 support a security risk? :D



On a serious note - somebody could go, get this list of requirements, discover that IPv6 is not a requirement and with straight face order cpe's without IPv6 support. That's a risk that I see.



I would add just a sentence at the beginning that it is presumed for the purpose of the document that IPv6 and IPv4 protocols are supported, implemented and enabled.



Cheers, Jan



---



Sent from mobile phone, please excuse brevity and top-posting



On 16 Jun 2018, at 16:33, JORDI PALET MARTINEZ <jordi.palet at consulintel.es<mailto:jordi.palet at consulintel.es>> wrote:



Hi Jan,



It is a "minimum security for acquisition", not minimum features ... Those features are better documented in RFC7084 and if you want to support transition soon, hopefully in the RFC resulting from draft-ietf-v6ops-transition-ipv4aas



I think when done, we can also bring it to RIPE ?



Regards,

Jordi







-----Mensaje original-----

De: BCOP <bcop-bounces at lacnog.org<mailto:bcop-bounces at lacnog.org>> en nombre de Jan Zorz - ISOC <zorz at isoc.org<mailto:zorz at isoc.org>>

Responder a: This list is to discuss BCOPs in LACNOG <bcop at lacnog.org<mailto:bcop at lacnog.org>>

Fecha: sábado, 16 de junio de 2018, 15:27

Para: <bcop at lacnog.org<mailto:bcop at lacnog.org>>

Asunto: Re: [BCOP] BCOP Draft-2: open for comments



    On 16/06/2018 04:59, Lucimara Desiderá wrote:



 Hello LACNOG Community









 After two rounds of discussions, we are releasing today the Draft-2 of





 the BCOP document "Minimum security requirements for CPEs acquisition".









 Until July 22, 2018, the Draft-2 will be open for comments and





 suggestions from the whole LACNOG community and you are all welcome to





 provide feedback and make contributions. Contributors from M3AAWG will





 also have the opportunity to review the document.









 The Draft-2 is available at the link below. In order make comments and





 to see others' suggestions, please sign in to Google Docs and request





 permission to edit.









 https://docs.google.com/document/d/1_Sa8ZEnKXiAnh_xRc-J44VXadUGdr98MT_MZrA5sALc/edit?usp=sharing





    Hey,



    Thank you for sharing, this is a great document. I skimmed through while

    waiting for my flight home at Helsinki airport and document looks in

    good shape. It's a bit IETF-ish, but on the other hand that also gives

    clarity to the language.



    One thing that I'm missing is that IPv6 is not requested as a must

    anywhere. Do we presume that new CPEs have IPv6 by default anyway?



    Cheers and thnx, Jan



________________________________


    BCOP mailing list

    BCOP at lacnog.org<mailto:BCOP at lacnog.org>

    https://mail.lacnic.net/mailman/listinfo/bcop






**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es<http://www.consulintel.es/>
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.




________________________________

BCOP mailing list
BCOP at lacnog.org<mailto:BCOP at lacnog.org>
https://mail.lacnic.net/mailman/listinfo/bcop



_______________________________________________ BCOP mailing list BCOP at lacnog.org<mailto:BCOP at lacnog.org> https://mail.lacnic.net/mailman/listinfo/bcop



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

_______________________________________________
BCOP mailing list
BCOP at lacnog.org<mailto:BCOP at lacnog.org>
https://mail.lacnic.net/mailman/listinfo/bcop

_______________________________________________ BCOP mailing list BCOP at lacnog.org https://mail.lacnic.net/mailman/listinfo/bcop

**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.lacnic.net/pipermail/bcop/attachments/20180619/751bd672/attachment-0001.html>

More information about the BCOP mailing list