- From: Brian E Carpenter <brian@hursley.ibm.com>
- Date: Tue, 27 Jul 1999 17:48:48 -0500
- To: Dave Crocker <dcrocker@brandenburg.com>
- CC: Larry Masinter <masinter@parc.xerox.com>, discuss@apps.ietf.org
Dave, What is missing in RFC 1984 in this respect? Brian Dave Crocker wrote: > > At 03:10 PM 7/27/99 , Brian E Carpenter wrote: > > > A document that gives security guidelines for IETF protocols > > > should explain this policy and its impact. > > > >Not while I'm in the liability line of fire, thank you. > > Permit me to presumptuously re-word Larry's suggestion: > > A particular set of security technology and operations constraints are > believed by the expert security technical community to carry a particular > set of exposures and might also carry a set of mis-perceived comforts. > > It would be entirely reasonable for the IETF/IAB to produce a paper stating > those constraints, exposures and mis-comforts. > > Done objectively, the fact that the constraints might perfectly align with > a particular group's security policies seems unlikely to create legal > exposures (though, yes, I would expect the legal mis-comforts to continue.) > > d/ > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Dave Crocker Tel: +1 408 246 8253 > Brandenburg Consulting Fax: +1 408 273 6464 > 675 Spruce Drive <http://www.brandenburg.com> > Sunnyvale, CA 94086 USA <mailto:dcrocker@brandenburg.com>
Received on Tuesday, 27 July 1999 18:51:18 UTC