
Re: MUST vs. SHOULD audit



Daniel Harkins says:
> My feeling is that auditing is a local matter and not part of the
> protocol.

I support this.

> > would be reasonable would be to say that if the platform has an audit
> > facility, these events must be logged.......

I think that IPSEC defines the protocol. How much of the exchange
should be logged (if at all) is personal business of the implementor.
Different buyers may have different req's wrt. this and make their
purchasing choice accordingly. Still, it's not IPSEC's business.

> > If there is no audit facility, should one say that IPSEC cannot be
> > implemented on that platform?

Of course not. One should not say anything, except: "THIS IS AN
IMPLEMENTATION-SPECIFIC ISSUE".

If you want it to be REMOTELY controlled, then it's a remote management
issue, which again, isn't really part of IPSEC.
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>

