
Re: draft-ietf-v6ops-cpe-simple-security-06



Hi James,

On 2009-06-28 17:43, james woodyatt wrote:
...

> All that said, however, I don't see how any "lower level of security"
> than described here is compatible with the level recommended in RFC
> 4864, which was the starting point for this work.  If we're going to
> diverge from that baseline, then I'd expect that work would have to be
> the subject of an rfc4864bis draft, or at least a draft marked as an
> Update to RFC 4864, which this draft is most definitely not.  At least,
> not yet.
> 
> Shorter james: I have no technical objection to the proposal, but my
> editorial judgment is that it isn't appropriate to make it an amendment
> to this draft.

4864 is Informational and this draft is currently tagged with
Intended status: Informational, so we don't have to be legalistic
about requirements. I think this issue could be resolved
by adding to this sentence in the Introduction:

>    In particular, extra care should be taken in designing the baseline
>    operating modes of unconfigured devices, since the security functions
>    of most devices will never be changed from their factory set default.

For example:

   The designers of such devices should nevertheless provide user-settable
   options for users who wish to increase or decrease the level of
   protection.

       Brian