Hello Zahed, Thank you very much for your detailed review.
Together with my co-authors, we have uploaded revision -27, which should address all your comments. The diff is at: https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-27 Regards, KK On Wed, Apr 7, 2021 at 3:33 AM Zaheduzzaman Sarker via Datatracker < nore...@ietf.org> wrote: > Zaheduzzaman Sarker has entered the following ballot position for > draft-ietf-opsec-v6-25: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I found this document very informative and I learned quite a lot by reading > this document (I must confess I haven't read the long list of referenced > documents :-)). I think the collected recommendations in one place will be > very > helpful. > > Some comments - > > * The abstract says - "The recommendations in this document are not > applicable to residential user cases". However, later on in section 1.1 > it > says - "This covers Service Provider (SP), enterprise networks and some > knowledgeable-home-user-managed residential network." Furthermore in > section > 5, it recommends configurations for residential users. May be I am not > getting the distinction among residential user cases, managed residential > network and residential users correct but I think further clarification > is > needed on what is written in thee abstract and what is in the rest of the > document. > > * I noted that section 2.3.4 refers to 3GPP 4G terminologies while > describing > the case. If this section is not supposed to restricted to certain > generations of 3GPP technologies then I would recommend to update the > section > with 5G terminologies as well. > > * In section 2.6 there is an ask for the network operators to log "of all > applications using the network (including user space and kernel space) > when > available (for example web servers)". How realistic is this? I hardly > see the > web servers sharing logging files with network operators ( I would be > happy > to be corrected here ). I am also missing the discussion on -- if not > available how much this affects the forensic research in the event of > security incident and abnormal behavior. > > > >
_______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec