W3C home > Mailing lists > Public > ietf-discuss@w3.org > July 1999

Re: IAB draft on security

From: Brian E Carpenter <brian@hursley.ibm.com>
Date: Tue, 27 Jul 1999 17:48:48 -0500
Message-ID: <379E3750.F3BB8D55@hursley.ibm.com>
To: Dave Crocker <dcrocker@brandenburg.com>
CC: Larry Masinter <masinter@parc.xerox.com>, discuss@apps.ietf.org
Dave,

What is missing in RFC 1984 in this respect?

  Brian

Dave Crocker wrote:
> 
> At 03:10 PM 7/27/99 , Brian E Carpenter wrote:
> > > A document that gives security guidelines for IETF protocols
> > > should explain this policy and its impact.
> >
> >Not while I'm in the liability line of fire, thank you.
> 
> Permit me to presumptuously re-word Larry's suggestion:
> 
> A particular set of security technology and operations constraints are
> believed by the expert security technical community to carry a particular
> set of exposures and might also carry a set of mis-perceived comforts.
> 
> It would be entirely reasonable for the IETF/IAB to produce a paper stating
> those constraints, exposures and mis-comforts.
> 
> Done objectively, the fact that the constraints might perfectly align with
> a particular group's security policies seems unlikely to create legal
> exposures (though, yes, I would expect the legal mis-comforts to continue.)
> 
> d/
> 
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Dave Crocker                                         Tel: +1 408 246 8253
> Brandenburg Consulting                               Fax: +1 408 273 6464
> 675 Spruce Drive                             <http://www.brandenburg.com>
> Sunnyvale, CA 94086 USA                 <mailto:dcrocker@brandenburg.com>
Received on Tuesday, 27 July 1999 18:51:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 March 2006 20:11:26 GMT