W3C home > Mailing lists > Public > ietf-discuss@w3.org > July 1999

Re: IAB draft on security

From: Dave Crocker <dcrocker@brandenburg.com>
Date: Tue, 27 Jul 1999 15:35:18 -0700
Message-Id: <4.2.0.56.19990727153101.00af9770@mail.bayarea.net>
To: Brian E Carpenter <brian@hursley.ibm.com>
Cc: Larry Masinter <masinter@parc.xerox.com>, discuss@apps.ietf.org
At 03:10 PM 7/27/99 , Brian E Carpenter wrote:
> > A document that gives security guidelines for IETF protocols
> > should explain this policy and its impact.
>
>Not while I'm in the liability line of fire, thank you.


Permit me to presumptuously re-word Larry's suggestion:

A particular set of security technology and operations constraints are 
believed by the expert security technical community to carry a particular 
set of exposures and might also carry a set of mis-perceived comforts.

It would be entirely reasonable for the IETF/IAB to produce a paper stating 
those constraints, exposures and mis-comforts.

Done objectively, the fact that the constraints might perfectly align with 
a particular group's security policies seems unlikely to create legal 
exposures (though, yes, I would expect the legal mis-comforts to continue.)

d/


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Dave Crocker                                         Tel: +1 408 246 8253
Brandenburg Consulting                               Fax: +1 408 273 6464
675 Spruce Drive                             <http://www.brandenburg.com>
Sunnyvale, CA 94086 USA                 <mailto:dcrocker@brandenburg.com>
Received on Tuesday, 27 July 1999 18:50:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 March 2006 20:11:26 GMT