
Re: auditing



On Wed, 02 Apr 1997 21:47:43 EST (Ran, set your TZ correctly!), Ran modified
Bill Sommerfeld's suggestion:

>> change the text to:
>> 
>> 	... discard the packet.  This failure MUST be auditable.
>> 
>> and add some common text defining what "auditable" means.
>> 
>> 	This document defines several events as being "auditable".
>> 
>> 	At a minimum, "auditable" means that an implementation MUST
>> 	provide a mechanism which securely reports the fact that the
>> 	event occurred one or more times in the recent past.  Other
>> 	relevant information about the event (time, source address,
>> 	destination address, SPI, etc.,) SHOULD also be reported.
>> 
>> 	Auditing MUST be enabled by default, but it MUST be possible
>> 	for an administrator to disable auditing.
> 
>	I personally don't care about which is the default.

> Would this be a reasonable compromise position on this topic,
> given that there are some seemingly deep philosophical differences
> amongst various parties on the question of whether the IETF is
> permitted to say anything beyond what 'goes on the wire' ??

  This sounds reasonable to me. Thanks, Bill, for the sensible suggestion.

  Let me add that my philosophical differences (which BTW have nothing to
do with what the IETF is permitted to say) do not reflect cisco's position 
vis-a-vis auditing. cisco will provide tunable auditing capability regardless 
of the wording in these I-Ds. It is regrettable that I must remind some people
of this: I do not speak for cisco, ever.

  Dan.
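The "auditable" definition quoted above asks for a mechanism that reports, securely, that an event occurred one or more times in the recent past, that SHOULD carry time, source, destination and SPI, and that is on by default but can be switched off by an administrator. The following is an added example of one way to meet those requirements; it is not code from the draft, from any of the participants, or from cisco. The class and field names, the 60-second coalescing window, the constructed packet-discard events and the HMAC chain used to make the emitted report tamper-evident are all my assumptions.

```python
"""Illustrative audit facility for IPsec packet-discard events.

Assumptions (not from the draft): events are coalesced per
(event, src, dst, spi) inside a time window, and each emitted line is
chained to the previous one with an HMAC so deletion or reordering of
the report is detectable by whoever holds the key.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class AuditRecord:
    event: str        # e.g. "discard: no SA for SPI"
    src: str
    dst: str
    spi: int
    first_seen: float
    last_seen: float
    count: int        # times the event fired inside the window


class Auditor:
    def __init__(self, key: bytes, window: float = 60.0, enabled: bool = True):
        self.enabled = enabled            # on by default, as the text requires
        self.window = window
        self._key = key
        self._chain = b"\x00" * 32        # running MAC over all lines emitted so far
        self._records: Dict[Tuple[str, str, str, int], AuditRecord] = {}
        self.lines: List[str] = []        # stands in for syslog or another secure sink

    def set_enabled(self, enabled: bool) -> None:
        """Administrative switch; the only way auditing goes off."""
        self.enabled = enabled

    def _emit(self, text: str) -> None:
        # Chain each line to the previous MAC so a gap or reorder breaks verification.
        mac = hmac.new(self._key, self._chain + text.encode(), hashlib.sha256).digest()
        self._chain = mac
        self.lines.append(f"{text} mac={mac.hex()[:16]}")

    def record(self, event: str, src: str, dst: str, spi: int, now: float) -> Optional[AuditRecord]:
        """Note that `event` happened; returns the live record, or None when disabled."""
        if not self.enabled:
            return None
        key = (event, src, dst, spi)
        rec = self._records.get(key)
        if rec is None or now - rec.last_seen > self.window:
            # First occurrence (or first after the window lapsed): emit one line.
            rec = AuditRecord(event, src, dst, spi, now, now, 1)
            self._records[key] = rec
            self._emit(f"t={now:.0f} {event} src={src} dst={dst} spi=0x{spi:08x}")
        else:
            # Repeat inside the window: count it, but do not flood the sink.
            rec.count += 1
            rec.last_seen = now
        return rec

    def recent(self, now: float) -> List[AuditRecord]:
        """Events that occurred one or more times within the window ending at `now`."""
        return [r for r in self._records.values() if now - r.last_seen <= self.window]

    def verify(self, key: bytes) -> bool:
        """Recompute the MAC chain over the emitted lines; False on any tampering."""
        chain = b"\x00" * 32
        for line in self.lines:
            text, _, tag = line.rpartition(" mac=")
            mac = hmac.new(key, chain + text.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(mac.hex()[:16], tag):
                return False
            chain = mac
        return True


def demo() -> Auditor:
    """Constructed sequence: three discards for one SA, one for another SA."""
    a = Auditor(key=b"constructed-demo-key")
    for t in (100.0, 101.0, 102.0):
        a.record("discard: no SA for SPI", "10.0.0.5", "10.0.0.1", 0x1234, t)
    a.record("discard: no SA for SPI", "10.0.0.5", "10.0.0.1", 0x9999, 103.0)
    return a


if __name__ == "__main__":
    auditor = demo()
    for line in auditor.lines:
        print(line)
    for rec in auditor.recent(105.0):
        print(f"spi=0x{rec.spi:08x} count={rec.count}")
```

Coalescing is what keeps the "one or more times in the recent past" wording honest under a flood: the sink receives one line per window rather than one per dropped packet, while the count and last-seen time stay available to whoever reads the records. The chained MAC is one concrete reading of "securely reports"; a real implementation would more likely rely on the platform's own protected logging channel.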


