Re: MUST vs. SHOULD audit

[Bill Sommerfeld <sommerfeld@apollo.hp.com>]

> >Responses from other WG members suggests that so long as we restrict the
> >specs to requring support for what COULD be audited, IF auditing is turned
> >on and IF the system in which IPsec is embedde supports auditing, then this
> >is a reasonable part of the IPsec specifications.
> 
> Well, today's implementor's meeting at the IPsec decided that auditing
> *should* be done. I strongly disagree with going into details of
> the sort "well, if you have auditing and you have it turned on then
> you should log this and that event".

Ok, between Steve's message and what I saw at the meeting yesterday,
there seems to be general agreement that the drafts should define the
"audit points" in the protocol (that may not be quite the right term,
but I think people know what I mean), and that if ipsec auditing is
supported by an implementation, it should be possible for an
administrator to enable/disable it.

The remaining point of contention appears to be the difference between
"SHOULD support auditing" and "MUST support auditing if the platform
supports auditing".

I think that there's not going to be a whole lot of difference in
practice between these two points, so I don't see a need to
overspecify on this point -- the documents are long enough as it is..

					- Bill

---

References:

• Re: MUST vs. SHOULD audit
• From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

---

• Prev by Date: Re: Slicing and Dicing in new-esp
• Next by Date: Re: Slicing and Dicing in new-esp
• Prev by thread: Re: MUST vs. SHOULD audit
• Next by thread: Re: oakley-03: last call comments
• Index(es):
  • Main
  • Thread