I will be giving brief overview of the Operational Security Requirements (opsec) IETF draft @ the techsec working group. The basic idea of the draft is to enumerate, in a requirements doc, the list of controls that are needed to operate network infrastructure securely. The second version of the draft is now available @ http://www.port111.com/opsec/draft-jones-opsec-01.txt and should be up in the IETF Internet Drafts Real Soon Now (submitted last night). I would very much like to have input from this community on the requirements. Are there critical capabilities missing ? Are there things that should be removed ? Have you ever tried to test/purchase/operate equipment and found yourself saying "I can't believe the device does not have the ability to [insert basic security feature here]...". We will have some time at the tecsec-wg, but it would also be useful to start discussing things on this list now. Your thoughts ? Thank you, ---George Jones