
Re: MUSTs



See if you think this rewording helps to clarify:

2.5.1 Comply With Relevant IETF RFCs on All Protocols Implemented

   Requirement. The default configuration of the device MUST fully
      comply with IETF RFCs for all protocols implemented.  "Compliance"
      is defined in terms of [RFC2119].   The device MUST conform to the
      absolute requirements.  Any optional or recommended functionality
      implemented MUST be in conformance with the RFC.  The device MAY
      provide means by which it can be configured in ways that are not
      compliant with the RFCs (for instance, if conformance is
      determined to be insecure).

   Justification. A device must first perform its primary function
      correctly.  Once it is proven to perform its primary function, it
      makes sense to ask if it does/can perform securely.  For
      Internet-connected devices, compliance with RFCs provides a
      minimum level of assurance that the device will function as
      intended and
      interoperate as part of an operational network.  Failure to comply
      with RFCs calls correct functioning into question and makes the
      determination of secure functioning a secondary concern.