Meetings:
30th IETF, 31st IETF, 32nd IETF, 33rd IETF, 34th IETF, 35th IETF, 36th IETF, 38th IETF, 39th IETF,
40th IETF, 41st IETF, 43rd IETF, 44th IETF, 45th IETF and 46th IETF

41st IETF, Los Angeles, Calif. - March 1998

Guidelines and Recommendations for Incident Processing (GRIP)

The working group met once during the IETF meeting.

The purpose of the meeting was to review the current draft, draft-ietf-grip-isp-04.txt and to resolve any outstanding issues. Another major purpose was to surface concerns that might prevent the progression of this document.

Neither Operations Area ADs were able to attend the meeting but Jeff Schiller, Security AD, did attend and we were able to discuss the future handling of the document. There has been some concern expressed to members of the IESG and to the working group chair by one major ISP that the content of the document includes objectionable recommendations related to business issues. There were a number of major ISPs represented in the room and none of them agreed with the concern. Discussion followed and Jeff recommended that we continue to complete the document and said he'd support progression of the document if the working group reached consensus and the working group chair made the recommendation for progression of the document.

Review of the document proceeded from start to finish in the document and during the meeting we were able to review through section 8. The other sections will be discussed on the mailing list. The following changes will be incorporated into the document:

1. The section on handling incidents will be reworked to describe roles and responsibilities of the ISPs and to state that the ISPs should have documented policies and procedures regarding what types of information they will share with whom. Such policies and procedures should be made available to all subscribers. The document will not state that any particular type of information should be shared since this will be impacted by each ISP's particular environment. The important point is that the ISP should articulate exactly what information is being shared so that the subscribers are aware.
   • Also in this section, the document will describe how peering agreements might be used to enhance the ability of ISPs to work together to resolve security incidents.

2. The section describing recommendations on mail relays will track with the work being done in a <fill in the draft number and working group>

3. There was discussion concerning ingress and egress filtering and there again was consensus that these were sound recommendations. So, no changes will be made to this section. There was an interesting discussion related to this where members in the group described various laws that have either been passed or are in draft state making header forging illegal. Such a law has already been passed in Sweden and offenders have already been successfully prosecuted.

4. The section describing xtnd xmit and smtp auth will also track other related work in the IETF.

The document editor will make the changes and submit a new (hopefully final) draft to IDs. The group also decided to float the draft to as many ISPs and other knowledgeable folks outside the working group to actively solicit review prior to submitting it to the IESG.

Please send questions, comments, and/or suggestions regarding the GRIP working group to the open mailing list grip-wg@uu.net.

All issues regarding these web pages should be directed to klaus-peter@kossakowski.de.

These pages are hosted on http://www.kossakowski.de and are provided on an "AS IS" basis without any explicite or implicite responsibility, liability, etc. (For a more fully understanding please refer to the legal statements within the Impressum, which is only available in German.)