
Re: auditing




--- On Wed, 02 Apr 1997 14:25:03 -0500  Bill Sommerfeld <sommerfeld@apollo.hp.com> wrote:

> I'd like to make a modest suggestion:
> 
> change the text to:
> 
> 	... discard the packet.  This failure MUST be auditable.
> 
> and add some common text defining what "auditable" means.
> 
> 	This document defines several events as being "auditable".
> 
> 	At a minimum, "auditable" means that an implementation MUST
> 	provide a mechanism which securely records the fact that the
                                           ^^^^^^^
	Dan Harkins suggests replacing "records" with "reports", 
	which would permit network-based reporting to be substituted
	for local storage if appropriate in some implementation.

> 	event occurred one or more times in the recent past.  Other
> 	relevant information about the event (time, source address,
> 	destination address, SPI, etc.,) SHOULD also be recorded.

							^^^^^^^^
	Similarly, the word "recorded" above should be changed to
	"reported".
 
> 	Auditing MUST be enabled by default, but it MUST be possible
> 	for an administrator to disable auditing.
 
> [This can easily be tweaked if the consensus is that the default
> should be to disable auditing unless explicitly requested.]

	I personally don't care about which is the default.

  I have also heard a private suggestion that maybe some of the
auditing material might be moved into the "Security Considerations"
section.  That wouldn't bother me, though I will observe that verbiage
anywhere in the RFC is equally binding on implementations.

  Would this be a reasonable compromise position on this topic,
given that there are some seemingly deep philosophical differences
amongst various parties on the question of whether the IETF is
permitted to say anything beyond what 'goes on the wire' ??

Ran
rja@inet.org



