[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Final pass on BOF issues for -01

To: George Jones <gmj@pobox.com>
Subject: Re: Final pass on BOF issues for -01
From: Dan Hollis <goemon@anime.net>
Date: Fri, 15 Aug 2003 14:00:28 -0700 (PDT)
Cc: opsec@ops.ietf.org
In-reply-to: <Pine.LNX.4.53.0308080849340.21490@mall.pulltheplug.com>

On Fri, 8 Aug 2003, George Jones wrote:
> Below is the final pass/feedback on the BoF issues for -01.  Also
> includes a summary of USENIX securtiy symposium BoF on logging
> (relevent to/overlap with opsec).
> The work-in-progress draft is available at
>     http://www.port111.com/opsec/draft-jones-opsec-00a.txt
> speak SOON if you want to see something changed in -01
> ---George

Addition to 4.2

Vendors MUST provide fixes for e.g. CERT exploits free of charge. Vendors 
MUST NOT require customers to purchase support (or other) contracts in 
order to obtain exploit fixes. Exploit fixes MUST NOT result in a 
reduced feature set - except in cases where removing a feature entirely 
is the ONLY way to stop the exploit.

-Dan

Follow-Ups:
- Re: Final pass on BOF issues for -01
  - From: George Jones <gmj@pobox.com>

References:
- Final pass on BOF issues for -01
  - From: George Jones <gmj@pobox.com>

Prev by Date: -01 draft submitted, summary of changes
Next by Date: Re: Final pass on BOF issues for -01
Previous by thread: Final pass on BOF issues for -01
Next by thread: Re: Final pass on BOF issues for -01
Index(es):
- Date
- Thread