RE: Question on security document

To: cmonia@NishanSystems.com
Subject: RE: Question on security document
From: Paul Koning <ni1d@arrl.net>
Date: Thu, 18 Oct 2001 10:36:58 -0400
Cc: ips@ece.cmu.edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <B300BD9620BCD411A366009027C21D9B55205D@ariel.nishansystems.com>
Sender: owner-ips@ece.cmu.edu

Excerpt of message (sent 17 October 2001) by Charles Monia:
> Hi:
> 
> I had assumed that one goal of the document was to set forth the language
> necessary for each spec to pass muster with the IESG in the realm of
> security.  If that's correct, I'm concerned that the suggested change may
> compromise that intent.
> 
> Charles
> > -----Original Message-----
> > From: Robert Snively [mailto:rsnively@Brocade.COM]
> > Sent: Wednesday, October 17, 2001 4:31 PM
> > To: 'ips@ece.cmu.edu'
> > Subject: Question on security document
> > 
> > 
> > I have a recommendation to the authors of the security 
> > document:
> > ...

The problem, as Bob is right to point out, is that informational RFCs
by definition cannot establish requirements on implementations.  So if
you want there to be security requirements that apply to iFCP, iSCSI,
and so on, they can only be stated in standards track RFCs, not
informational RFCs.  It may be a separate document or part of the IPS
document it applies to.

So one answer is for the security draft not to be informational
anymore.

	paul

References:
- RE: Question on security document
  - From: Charles Monia <cmonia@NishanSystems.com>

Prev by Date: Re: iSCSI: Login authentication SRP/CHAP
Next by Date: RE: Question on security document
Prev by thread: RE: Question on security document
Next by thread: RE: Question on security document
Index(es):
- Date
- Thread

Home

Last updated: Thu Oct 18 12:17:30 2001
7280 messages in chronological order