iesg comments on draft-ietf-grip-prot-evidence-03.txt
- To: grip-wg@uu.net
- Subject: iesg comments on draft-ietf-grip-prot-evidence-03.txt
- From: Randy Bush <randy@psg.com>
- Date: Thu, 01 Nov 2001 09:27:48 -0800
- Comment: grip-wg mailing list add/drop requests to Majordomo@TransSys.COM
(a) There is a lot about timestamps and clock drift, but nothing
explicit about timezone information.
Suggestion: Add a bullet to section 2 which says:
- Note the difference between the system clock and UTC,
and for each timestamp provided whether UTC or local time
is used.
(b) A Jury is not used in all countries in the world. Because of that
the texts which talk about providing information to Jury members
(section 2.4) should be changed. I propose one should instead talk
about presenting the information to a court.
---
I think it would be good to give more high-level intro material. The
document seems to assume the reader knows why one needs to be
collecting evidence, *and* what kind of evidence. However, what one is
looking for assumes something about the nature of the incident.
All that is needed is some sentences or a paragraph that provide
examples of what a "security incident" is and the kinds of incidents
that could set off the need for collecting evidence...
Note: the abstract is really terse.
> - Reliable: There must be nothing about how the evidence was
> collected and subsequently handled which that doubt about its
> authenticity and veracity.
can't parse
the latter seems to be fixed by s/that/casts/, yes?
---
maybe suggest (not mandate) specific tools for signing/checksumming
---
randy