Michael,
Thanks for a well-written draft. Thanks in particular for a few points
in this draft:
- They are indeed, considerations. They're not mandates. And they are
most especially not an overwhelming checklist that makes me want to set
the draft immediately on fire like other recent drafts have done.
- It acknowledges the tensions between operations and security. When
going through protocol design, an overly heavy hand on either side of
this scale tends to lead to a poorly balanced design.
- And finally, it does minorly nod in its own security considerations
section to privacy considerations. And this leads to my only request
for additional text in the document thus far: A deeper nod to privacy
and citation of RFC 6973. It is often the case that the secops
considerations highlighted in this draft are often at deep odds against
privacy. Addressing that tension is worthy of more discussion.
-- Jeff
On 2/27/26 09:48, Michael P1 wrote:
OFFICIAL
Hi All,
As mentioned at IETF 124 in Montreal, I’ve been working on a draft to build
upon draft-ietf-opsawg-rfc5706bis with a focus on Security Operations and have
now published a -00 draft
https://datatracker.ietf.org/doc/draft-parsons-opsawg-security-operations/.
It describes some of the fundamentals of security operations and is designed to
support discussions on operational considerations during IETF protocol design.
Reviews and feedback are gratefully received.
Thanks,
Michael
OFFICIAL
-----Original Message-----
From: [email protected] <[email protected]>
Sent: 27 February 2026 14:36
To: [email protected]
Subject: I-D Action: draft-parsons-opsawg-security-operations-00.txt
Internet-Draft draft-parsons-opsawg-security-operations-00.txt is now available.
Title: Security Operations Fundamentals and Guidance
Authors: Michael Parsons
Florence Driscoll
Name: draft-parsons-opsawg-security-operations-00.txt
Pages: 13
Dates: 2026-02-27
Abstract:
Security operators are responsible for detecting malicious activity,
responding to threats and defending their networks and systems from
cyber attacks. Security operations are commonly entwined with other
operational and management priorities to ensure that both security
and operational priorities are considered holistically.
With security operators being a crucial part of operation, management
and security of the network, it is valuable to give consideration to
them during the design of new protocols. This document builds upon
draft-ietf-opsawg-rfc5706bis, describing the fundamentals of security
operations to provide a foundation for considerations for protocol
design and guidance. This document also describes how security
operations considerations can be most usefully included in other IETF
documents.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-parsons-opsawg-security-operations/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-parsons-opsawg-security-operations-00.html
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
OPSAWG mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
OPSAWG mailing list -- [email protected]
To unsubscribe send an email to [email protected]
