RE: Security Use Requirements

["Douglas Otis" <dotis@sanlight.net>]

Michael,

If the trade-off is the expense of required physical resources to implement
privacy, then mandating presents of these resources does not allow the
customer a choice of whether they wish the expense.  Should the
specification indicate an optional means of enabling data privacy, then
should the customer select data privacy and has bore the expense of this
feature in their initial selection, the specification would allow privacy.
Keeping privacy an option affords the greatest product range.

Doug

> > Mandating additional resources to implement privacy would not
> allow this to
> > be a customer made trade-off.  Allowing it as product feature
> option would.
>
> Implementors who implement mandatory privacy can choose to allow
> customers to
> toggle privacy on or off. This approach allows customers to make
> the tradeoff.
>
> If privacy is not mandatory to implement, then customers will inevitably
> encounter the situation where a client-side ips product has
> privacy and the
> server does not, and vice versa. This removes from the customer
> the ability to
> make the trade-off.
>
> 	-mre
>
> > > Why not allow the customer to make the tradeoff between security and
> > > performance?
>