RE: Stupid Question: Network Abuse RFC?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So, someone else (Thanks, by the way -- this is the one I was looking for) pointed me to RFC3013/BCP46: http://rfc-editor.org/cgi-bin/rfcdoctype.pl?loc=RFC&letsgo=3013&type=http&f ile_format=txt In addition to RFC2142, it would appear that these are largely ignored just as much as any other operational IETF documents. That's a shame. $.02, - - ferg p.s. Thanks to everyone for their replies. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHiarRq1pz9mNUZTMRAkF1AKDMzsJlzSLPPVkR2GMrUXN/CDFBXgCguQy4 C9PMJ0Jl9a9XJjEZ9aqLIUY= =G7gb -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
On Sun, 13 Jan 2008, Paul Ferguson wrote:
In addition to RFC2142, it would appear that these are largely ignored just as much as any other operational IETF documents.
That's a shame.
The IETF (and other groups) developing "Best Common Practices" seem to sometimes forget 1. Is it a practice? 2. Is it a common practice? 3. Is it a best common practice? If no one is doing it, and they are largely ignored, did the IETF really do its job of consulting with the operational community to identify practices that are common and considered best? It is the organizational version of "running code." It seemed like many of the Internet "operational" people stopped going to the IETF in the 1990's and I don't know those people have really settled down anywhere else. NANOG/MERIT deliberately decided not to get into the standards development or publishing business. RIPE does publish somethings. NRIC has the same problem as the IETF and published a ton of "Best Practices" that no one practiced, and I think tended to cause operations people to start ignoring NRIC. Instead often what you get is a group of people from one industry writing what they wish a group of people in another industry would practice. For example, the financial industry writing what they wish merchants would do for security. Or the e-mail industry writing what they wish networks would do for security. Or the music industry writing what they wish universities would do for security. Although you need a some overlap, I think you get much better "buy-in" when people from the same industry are developing their operational standards.
On Jan 14, 2008 12:39 AM, Sean Donelan <sean@donelan.com> wrote:
Although you need a some overlap, I think you get much better "buy-in" when people from the same industry are developing their operational standards.
Well, MAAWG does that, and has produced a lot of good work in the past. Has the same ISPs that come to NANOG, NSPSEC etc too, and in some cases the same people. So is that a call for *NOGs to come out with operational BCPs (no, not "standards")? --srs
On Mon, 14 Jan 2008, Suresh Ramasubramanian wrote:
On Jan 14, 2008 12:39 AM, Sean Donelan <sean@donelan.com> wrote:
Although you need a some overlap, I think you get much better "buy-in" when people from the same industry are developing their operational standards.
Well, MAAWG does that, and has produced a lot of good work in the past. Has the same ISPs that come to NANOG, NSPSEC etc too, and in some cases the same people.
So is that a call for *NOGs to come out with operational BCPs (no, not "standards")?
If you can get the appropriate subject matter people to agree, then any forum may be useful. However, as other folks have pointed out, often there are many different constituencies even within the same company. Just because the same ISPs or people show up to the same groups, it doesn't necessarily mean those are the right people for a particular subject. That's why the natives are important. In one company you might want to talk with the abuse folks, another company you might want to talk with the infrastructure folks, another company you might want to talk with the application managers, and so on. Even in the same company you might need to talk to different people for DDOS incidents, customer abuse incidents, law enforcement response, and so on. If you are lucky you might find a person that spends 90% of their time trying to get all the different parts of the same company to talk to each other. MAAWG is useful for particular subjects, not as useful for other subjects. I expect the same will be true for any forum.
Sean Donelan wrote:
The IETF (and other groups) developing "Best Common Practices" seem to sometimes forget
1. Is it a practice? 2. Is it a common practice? 3. Is it a best common practice?
If no one is doing it, and they are largely ignored, did the IETF really do its job of consulting with the operational community to identify practices that are common and considered best? It is the organizational version of "running code."
From my perspective if the people who need the BCP aren't the one's doing the writing then clearly something is going to be lost in
translation. Writing things down, presenting and accepting criticism on them doesn't require the blessing of standards body. If we're so rigid a culture that we're incapable of handling the documentation of operational wisdom informally yet we find ourselves bound to a standards body which we claim isn't serving our interests, whose fault is that?
participants (4)
-
Joel Jaeggli -
Paul Ferguson -
Sean Donelan -
Suresh Ramasubramanian