SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Security Use Requirements



    > If the trade-off is the expense of required physical resources to implement
    > privacy, then mandating presents of these resources does not allow the
    
    What physical resources, a few kilobytes of code?
    
    > customer a choice of whether they wish the expense.  Should the
    
    Not mandating the presence of those resources results in interoperability
    problems, and impacts customer choice more severely. As Mr. Robinson pointed
    out, the lack of mandatory to implement security services in NFSv[23] resulted
    in only a handful of implementations supporting such services. So the customer
    has no choice about whether to use stronger security flavors that a minority
    of NFS implementations support, unless he wants to limit his vendor list to a
    handful. Hence my rhetorical question: "Why not allow the customer to make the
    tradeoff between security and performance?"
    
    The question for the WG should be whether privacy is critical or not. If is
    critical, then privacy must be mandatory to implement. If it is not then the
    specification had better make convincing arguments why it isn't critical,
    otherwise we can expect IESG or the Area Advisor to reject the specification.
    Been there, done that.
    
    I find it hard to believe that privacy in ips is not critical. Much of the
    data being rendered is rather valuable.
    
    	-mre
    


Home

Last updated: Tue Sep 04 01:05:33 2001
6315 messages in chronological order