[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MUST vs. SHOULD audit

To: ho@earth.hpc.org (Hilarie Orman)
Subject: Re: MUST vs. SHOULD audit
From: Daniel Harkins <dharkins@cisco.com>
Date: Wed, 02 Apr 1997 09:40:08 -0800
Cc: ipsec@tis.com
In-Reply-To: Your message of "Wed, 02 Apr 1997 10:20:18 EST." <199704021520.KAA18004@earth.hpc.org>
Sender: owner-ipsec@ex.tis.com

> Of course interoperability is the main point of the spec, but is the
> discussion so far well-founded?  I'm a little confused by the
> responses --- most seem comfortable having the audit requirement
> mentioned, as long as it's "should", but a "must" is declared out of
> scope for a protocol specification.  That doesn't seem logical; if
> you're in for a "should", then you're in for a "must".

Well, no. There's language in the drafts for "MUST", "SHOULD", and "MAY"
for a reason. They're not all the same and being in for "SHOULD" does not
make you in for "MUST".

[snip]

> I can appreciate the reasons for the "should" preference on grounds of
> scope, but maybe the requirements for security protocol
> implementations "should" be more stringent.  Not so stringent as to
> constitute denial of solution, but something more than an SEP* nod to
> security technology that is not evident on-the-wire.

I'm confused now. Are you saying that an implementation that implements
all the mandatory transforms and the mandatory key management and 
interoperates with every other "IPsec compliant" implementation is itself
not "IPsec compliant" because it doesn't do auditing?

  Dan.

Follow-Ups:

Re: MUST vs. SHOULD audit

From: ho@earth.hpc.org (Hilarie Orman)

References:

Re: MUST vs. SHOULD audit

From: ho@earth.hpc.org (Hilarie Orman)

Prev by Date: Re: MUST vs. SHOULD audit
Next by Date: Re: MUST vs. SHOULD audit
Prev by thread: Re: MUST vs. SHOULD audit
Next by thread: Re: MUST vs. SHOULD audit
Index(es):
- Main
- Thread