[Bp_certs] About types of CERTs
Andrew Cormack
Andrew.Cormack at ja.net
Fri Jul 25 05:25:43 EDT 2014
Hi Gaus
I'd see two benefits:
1) Telling governments that there are multiple functions (however they want to divide them up) that should be considered when planning "CERT(s) for my country"
2) Since there are already teams calling themselves "national CERT" out there, helping them to describe more accurately which of those functions they actually provide, so a "national CERT" that is actually only dealing with Government and/or critical networks doesn't get swamped with reports about problems in its citizen IP address ranges. Also saving those who report to it some frustration.
I agree that the second of those ought to be covered by close reading of the RFC2350 constituency definition but I suspect most reporters who try for, for example, google("uk national cert") will make all sorts of wrong assumptions about something that describes itself as "national computer emergency response team in the United Kingdom" ;-)
Does that make sense, or am I just showing my old scars?
Andrew
> -----Original Message-----
> From: Bp_certs [mailto:bp_certs-bounces at intgovforum.org] On Behalf Of
> Damir Rajnovic
> Sent: 25 July 2014 08:31
> To: bp_certs at intgovforum.org
> Subject: Re: [Bp_certs] About types of CERTs
>
> Hi all,
>
> It seems to me that I have joined mid-stream into this thread
> a few days ago so I am probably missing the initial context.
>
> This is a fascinating discussion but I have one very simple
> question which is about the importance of being "national CERT"?
> (sorry, could not help myself)
>
> A team can call itself whatever they like - national, CNI,
> semi-national or Exalted CERT for Official Monster Raving Loony
> Party - all that matters is what is their constituency. If
> an incident involves that constituency (or a subset of it),
> then that team is who you need.
>
> I can understand that for the team itself there might be a
> significance if it can attach a specific title to itself because
> then the team can get more funding or prestige. But is that
> really what is important? We can certainly list all known
> names and we can invent a few more but what is the end goal?
>
> Thank you,
>
> Gaus
>
> On Thu, Jul 24, 2014 at 05:29:02PM +0000, Andrew Cormack wrote:
> > And to those trying to reach out to a particular CSIRT role in
> > another country. In theory you should be able to tell the
> > difference from the 'constituency' definition in RFC2350, but
> > I suspect it'd be easier to have distinct names for each role
> > so that 'national CERTs' could flag up which they were.
>
>
>
>
> ==============
> Damir Rajnovic <gausix at gmail.com>
> Telephone: +44 7825 049 500
> ==============
> There are no insolvable problems.
> The question is can you accept the solution?
>
>
> Incident Response and Product Security
> http://www.ciscopress.com/bookstore/product.asp?isbn=1587052644