[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MUST vs. SHOULD audit

To: ipsec@tis.com
Subject: Re: MUST vs. SHOULD audit
From: "Christopher L. Werner" <cwerner@fh.us.bosch.com>
Date: Wed, 02 Apr 1997 15:53:05 -0500
Sender: owner-ipsec@ex.tis.com

At 10:03 AM 4/2/97 -0800, Dan Harkins wrote:
>  Ran,
[snip]
>  The suggestion that implementors don't do the "SHOULD implement" is not
>really true as the recent ANX IPsec bake-off demonstrated. "SHOULD" is
>very important and things like auditing capability will weigh heavily in
>the minds of customers when they start to buy this stuff.
>

Actually there are a number of legal ramifications which are directly
related to whether one has an audit trail or not. When things go wrong and
law enforcement/lawyers are involved the evidence provided by a log file can
be the difference between success and failure of litigation. This issue
alone may have more influence on the 'market' decision to use products which
log vs those which do not. Some businesses will rely on IPsec as their
primary security mechanism and it's effectiveness will be very critical.

[returning to listening mode...]
-----------------------------------------------------------------------
 Opinions expressed are mine and not necessarily those of my employer.
-----------------------------------------------------------------------
Christopher L. Werner                Robert Bosch Corporation
System Engineer                      38000 Hills Tech Dr.
(810)553-1389                        Farmington Hills, MI 48331-3417

Prev by Date: RE: MUST vs. SHOULD audit
Next by Date: Re: auditing
Prev by thread: RE: MUST vs. SHOULD audit
Next by thread: RE: MUST vs. SHOULD audit
Index(es):
- Main
- Thread