- From: by way of the Lastcall Form <rousskov@measurement-factory.com>
- Date: Sat, 1 Mar 2003 08:36 +0900
- To: www-qa@w3.org
Here is a last call comment from Alex Rousskov (rousskov@measurement-factory.com) on QA Framework : Specifications Guidelines (and Examples and Techniques) received by the LC form system. Submitted on behalf of: N/A Comment type: Substantive The comment applies to: "Overall" Comment title: require a "Security Considerations" section Comment: Any spec SHOULD have a Security Consideration section. Protocol or behavioral specs MUST have a Security Consideration section. Security sections make spec authors think about potential vulnerabilities and address at least some of them before the bad guys can exploit them. These sections are also a great place to warn implementors and users about most security-sensitive areas of the spec and, perhaps, common exploits. IETF's Internet Architecture Board has published the following Internet Draft that may be of use to SpecGL authors: http://www.ietf.org/internet-drafts/draft-iab-sec-cons-03.txt Proposed resolution : Require "Security Considerations" sections just like we already require conformance sections. ]] -- This comment was submitted through the lastCall form system, designed by Martin Duerst and Adapted for the QAWG by Olivier Thereaux.
Received on Friday, 28 February 2003 18:36:34 UTC