LC comment for SpecGL : 'require a "Security Considerations" section'

Here is a last call comment from Alex Rousskov (rousskov@measurement-factory.com) 
on QA Framework : Specifications Guidelines (and Examples and Techniques)
received by the LC form system.

Submitted on behalf of: N/A
Comment type: Substantive
The comment applies to: "Overall"
Comment title: require a "Security Considerations" section

Comment:
Any spec SHOULD have a Security Consideration
section.  Protocol or behavioral specs MUST have a
Security Consideration section.

Security sections make spec authors think about
potential vulnerabilities and address at least
some of them before the bad guys can exploit them.
These sections are also a great place to warn
implementors and users about the most
security-sensitive areas of the spec and, perhaps,
common exploits.

IETF's Internet Architecture Board has published
the following Internet Draft that may be of use
to SpecGL authors:
http://www.ietf.org/internet-drafts/draft-iab-sec-cons-03.txt


Proposed resolution : 
Require "Security Considerations" sections just
like we already require conformance sections.

-- 
This comment was submitted through the lastCall form system,
designed by Martin Duerst and adapted for the QAWG by Olivier Thereaux.

Received on Friday, 28 February 2003 18:36:34 UTC