
RE: MUST vs. SHOULD audit



I think that auditing recommendations belong in the Security
Considerations section.

	-----Original Message-----
	From:	Stephen Kent [SMTP:kent@bbn.com]
	Sent:	Tuesday, April 01, 1997 1:44 PM
	To:	Daniel Harkins
	Cc:	ipsec@tis.com
	Subject:	Re: MUST vs. SHOULD audit

	Dan,

		I was worried about the MUSTs in both documents re auditing and
	potential denial of service implications, but chose to copy them and hope
	for feedback from the WG. I'd be comfortable with a spec that required
	logging if the platform already supported audit, but I'm up in the air re
	the right requirement if the platform does not perform audit. If marking
	this case as SHOULD would make folks happy, I'm certainly comfortable with
	that sort of change, though I'm not sure what the bottom line effect would
	be.

		Thanks for catching the "ICV" vs. "sequence number" check typo.

	Steve