|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Use Requirements> If the trade-off is the expense of required physical resources to implement > privacy, then mandating presents of these resources does not allow the What physical resources, a few kilobytes of code? > customer a choice of whether they wish the expense. Should the Not mandating the presence of those resources results in interoperability problems, and impacts customer choice more severely. As Mr. Robinson pointed out, the lack of mandatory to implement security services in NFSv[23] resulted in only a handful of implementations supporting such services. So the customer has no choice about whether to use stronger security flavors that a minority of NFS implementations support, unless he wants to limit his vendor list to a handful. Hence my rhetorical question: "Why not allow the customer to make the tradeoff between security and performance?" The question for the WG should be whether privacy is critical or not. If is critical, then privacy must be mandatory to implement. If it is not then the specification had better make convincing arguments why it isn't critical, otherwise we can expect IESG or the Area Advisor to reject the specification. Been there, done that. I find it hard to believe that privacy in ips is not critical. Much of the data being rendered is rather valuable. -mre
Home Last updated: Tue Sep 04 01:05:33 2001 6315 messages in chronological order |