[Nlnog] meer discussie!

Sabri Berisha sabri at cluecentral.net
Tue Jun 22 09:44:38 UTC 2004 

Hi,

Naar aanleiding van wat discussie in het IRC kanaal, bijgaand de
volgende 'voorwaarden' die ik vond over een soortgelijke mailinglijst
als nlnog. Mijn voorstel is om iets soortgelijks van toepassing te
verklaren op deze lijst. Met name het stukje over vertrouwelijkheid (als
ik op deze lijst zeg dat AS12859 netwerkpanne had wil ik dat niet morgen
op Webwereld teruglezen) staat mij wel aan. Uiteraard zou eea ook van
toepassing zijn op het irc kanaal.

Meningen?


"Cyber defenders, ever vigilant, ever responsive." -Marjorie Gilbert, 2003 

Step one is to insure you meet the qualifications for NLNOG. Some common 
questions to ask yourself are: 

Do you work for some type of IP transit provider, huge multi-homed 
content provider, or service provider? 
Does your job include Operational Services? 
Are you willing to offer free services, data, forensic, and other 
monitoring data to the NOG community? 
Do you have authorization to actively mitigate incidents in your network? 
Do you actually log into a router and do something to mitigate an attack 
or call someone to task them to do the work? 
Do you have the time for a real-time NSP mitigation forum? 

If yes, then you might fit the expectations to be on the NLNOG 
Mitigation or Discussion Forums. 

NLNOG PARTICIPATION EXPECTATIONS 

NLNOG is a forum to get work done in the service of the community. As 
such, realistic expectations are placed on the NLNOG membership. These 
expectations are periodically reviewed by the NLNOG moderators to ensure 
that an individuals community membership is relevant, productive, and adds 
value to the mission of NLNOG. These expectations, which have evolved 
through active membership feedback include: 

All posts to NLNOG must have an organizational affiliation via either a 
corporate email address that is identifable as an ISP/NSP, or via a 
signature that includes your organizational affiliation or ASN. 
Lurking and learning does not contribute to the community  there are 
other forums for that. Silence often indicates that people are not 
handling the information provided by the NLNOG community or that the 
information provided is of little relevence to the member. 
Acknowledgements of action  whether publicly on the mailing list or 
privately to the people involved  provides members of the community an 
indication that contributions are being made. Recognizing specific 
national laws, regulations, and/or corporate policies may prevent some 
members from posting on the public NLNOG alias; these limitations do not 
prevent private mitigation correspondence. 
Taking information provided on the NLNOG forums and using it for 
commercial gain is not allowed. It is a violation of trust to the 
community. 

NLNOG is built on trust. Therefore, reposting NLNOG communications to 
individuals inside or outside your organization is a violation of that 
trust. NLNOG members should have the span of control to take action on 
the information from an NLNOG correspondence without widely posting the 
information inside their organization. If forwarding inside the 
organization is required, permission of the posters must be sought. 
NLNOG postings must not be CCed or BCCed to any other forum. Internal 
dialog must be re-crafted for internal use as mentioned in previous 
guildelines. 



NLNOG APPLICATION EXPECTATIONS 

Membership in NLNOG is restricted to those actively involved in the 
mitigation of NSP security incidents within organizations in the IP 
transit, content, and service provider community. Therefore, it will be 
limited to operators, vendors, researchers. That means no press and 
(hopefully) none of the "bad guys." It also means that engineers who do 
not directly work in the core transit/content provider network do not fit 
the purview of NLNOG and should look for other forums

NLNOG is not a community for lurkers who wish to "learn more about NSP 
security." Individuals who are part of the NSP attack mitigation community 
at times create whitepapers, presentations, and training materials to 
educate the larger community. Much of this material will be presented to 
NANOG (http://www.nanog.org) and other NSP operations forums (RIPE, 
APRICOT, and AFNOG, etc.). A set of links below offers help for those 
looking to learn more about the tools, techniques, and training used by 
the NLNOG community. 

NLNOG will use a simple trust/peering relationship. This model is not as 
"secure" as an encrypted conversation, yet it is better than a wide-open 
public dialog. All applications must be accompanied by at least two 
existing members who will vouch for the new applicant. We will establish 
the trust by asking members of the list to vouch for new subscriber 
requests. If the list administrators know the person, then they can vouch 
for them. 

No information presented in this list is allowed to be forwarded or shared 
outside the NLNOG community without specific permission from the poster. 
It is expected that members strictly adhere to this policy to ensure list 
confidentiality. 


NLNOG APPLICATION FOR MEMBERSHIP INSTRUCTIONS 

Step one is to insure you meet the qualifications for NLNOG. Some common 
questions to ask yourself are: 

Do you work for some type of IP transit provider, content provider, or 
service provider? 
Does your job include Operational Security? 
Are you willing to offer free services, data, forensic, and other 
monitoring data to the NSP community? 
Do you have authorization to actively mitigate incidents in your network? 
Do you actually log into a router and do something to mitigate an attack 
or call someone to task them to do the work? 
Do you have the time for a real-time NSP mitigation forum? 


If you'd like to be considered for membership, please provide the 
following information via email to: bofh at nlnog.net

Name: 
E-mail: 
DayPhone: 
24hrPhone: 
iNOC Phone: 
Company/Employer: 
ASNs Responsible for: 
JobDesc: 
Internet security references (names & emails): 
PGP Key Location: 

For Job Description  be as detailed and descriptive as possible. After 
sending the above form via email go to the section below and issue a 
"subscription" request via the form. 

NEW MEMBERS 

When a new member requests membership and provides his/her "bio" (as 
above), once the moderators decide that the potential member has passed 
their initial review, that person's bio will be sent to the full list. All 
applications must be accompanied by at least two existing members who will 
"vouch" for the new applicant (preferably not from the same organization). 
Any existing member will have 48 hours to send reservations about that 
potential member to the moderators. The moderators promise to review in 
depth any facts that are raised in regards to any potential new member. 

RESERVATIONS AND REBUTTAL 

Any reservation about an existing or new member that is sent privately to 
the -owner list will have all identifying aspects stripped out of the 
email and forwarded to the potential rejectee for rebuttal. That person 
will have 72 hours to send a rebuttal before a decision is taken. The 
moderators of the NLNOG list will attempt to take all matters into 
consideration before rendering a decision. 

REMOVAL 

A majority of the moderators will be required to remove an existing member 
or to override a new potential members candidacy for the list. 

NLNOG REVETTING 

The NLNOG Moderators will periodically review the membership and select 
some members for revetting. This is required to ensure that all members of 
the list continue to fit the charter characteristics. Both employment and 
the charter can change over time - this mechanism allows the list to 
remain true to its charter. 

The revetting process occurs in three steps: 

1. The member selected for revetting will be asked to update their 
information, and submit it to the NLNOG Administrators. 

2. Should the member continue to meet the required characteristics for 
NLNOG membership, the members information will be sent to the list for 
revetting. 

3. At least two members of the list must re-approve membership. At least 
one of the approvers must be from a different company than the member who 
is being revetted. In addition, other members selected for revetting 
during the same cycle may not approve each other. 

Note that not meeting the requirements of each step will result in removal 
from the NSPSec mailing list. Those so removed may reapply through the 
normal method, although the two-company approval requirements will 
continue to apply. 



NLNOG PHYSICAL MEETINGS 

The IETF experience demonstrates that the most effective way to build a 
community on the Internet is through a combination of virtual meetings 
(e-mail forum) and physical meetings. NLNOG follows the same formula, 
having small meetings and BOFs at the various operations and engineering 
meetings around the world. Following is a list of the active NLNOG 
meetings and the contacts for the chaperons/facilitators for these 
meetings. 

Please let the community know if you are interested in coordinating, 
chaperoning, or facilitating meetings at other forums. Volunteerism in 
service to the community is welcomed. 

-- 
Sabri Berisha - SAB666-RIPE
BIT BV  - http://www.bit.nl/
AS12859 and AS31064 - lg: http://noc.bit.nl/traceroute

More information about the NLNOG mailing list