[BCOP] BCOP on Security Requirements for CPE
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Thu Nov 22 20:41:55 -02 2018
Hola Lucimara,
Comprendido, no recordaba que ya teníamos incluido el RFC7084 y el RF-08, sin embargo creo que deberíamos hacer alguna mención explicita a los aspectos de seguridad de UPnP/PCP.
Saludos,
Jordi
-----Mensaje original-----
De: BCOP <bcop-bounces at lacnog.org> en nombre de Lucimara Desiderá <lucimara at cert.br>
Responder a: This list is to discuss BCOPs in LACNOG <bcop at lacnog.org>
Fecha: jueves, 22 de noviembre de 2018, 19:59
Para: <bcop at lacnog.org>
Asunto: Re: [BCOP] BCOP on Security Requirements for CPE
Hola Jordi
Já falamos sobre este tema anteriormente, que requisitos funcionais para
IPv6 em geral não estão no escopo deste documento. De qualquer forma, o
draf-04 da BCOP inclui o seguinte, e acredito que contemplam o que você
está dizendo:
"Providing a list of basic requirements for IPv6 is outside of the scope
of this document. This document assumes that IPv6 support requirements
are included as part of the general purchasing requirements document.
...
Functional Requirements (FR):
This document assumes that IPv6 support in accordance to RFC 7084 [7] is
part of the general purchasing requirements document.
...
FR-08: The end user MUST be able, via graphical user interface, and
using authentication, to disable any service that is not essential to
the operation or administration of the device, and change other
user-specific configurations and setting as appropriate (i.e. WiFi
network name)."
Saludos,
Lucimara
On 11/22/18 15:26, JORDI PALET MARTINEZ wrote:
> Hola Lucimara, todos,
>
> Por una pregunta que ha surgido en la lista de LACNOG me he dado cuenta que no hemos considerado la necesidad del soporte de PCP y UPnP y permitir que el usuario lo pueda configurar, etc.
>
> Creo que esto es fundamental para que un CPE pueda ofrecer seguridad, pero al mismo tiempo "usabilidad". Asegurar una red, sin que el usuario pueda usar juegos, u otros muchas aplicaciones, obviamente no es buena idea.
>
> Saludos,
> Jordi
>
>
>
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>
>
>
> _______________________________________________
> BCOP mailing list
> BCOP at lacnog.org
> https://mail.lacnic.net/mailman/listinfo/bcop
>
_______________________________________________
BCOP mailing list
BCOP at lacnog.org
https://mail.lacnic.net/mailman/listinfo/bcop
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
More information about the BCOP
mailing list