
Re: MUST vs. SHOULD audit



An implementation that is not capable of auditing these events
wouldn't conform to the expectations of the community.  What I'd think
would be reasonable would be to say that if the platform has an audit
facility, these events must be logged.  This leaves open the
possibility of tailoring the logging rate for this event type to the
system administrator.  After all, IPSEC is unlikely to be the only way
to introduce denial of service through excessive logging, so the audit
system must already be capable of dealing with such things.

If there is no audit facility, should one say that IPSEC cannot be
implemented on that platform?  Seems drastic, but less drastic than
requiring that IPSEC implementations carry a full audit log capability
along with them.

Hilarie


