On 9/25/2014 4:24 PM, Fernando Gont wrote: ... > Nope. Please check Section 2.2 of our I-D, which says: > > The advice provided in this document is only meant to guide an > operator in configuring forwarding devices, and is *not* to be > interpreted as advice regarding default configuration settings for > network devices. ... > i.e., our recommendations shouldn't be used as "default configurations" > of any devices.
So these are not defaults... ... > If you look closely at the I-D, it is essentially a "default allow", except that they are. Esp. two of the specific recommendations. Perhaps this most clearly highlights the reason I don't see the utility or purpose in this doc. Operational recommendations should be explained in the context of existing standards, and only where they deviate from them in a specific operational context. Joe _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
