5.9 There is text about how customer security measures must not hide
QoS information from the SP. That's very wrong. At least, if it's wrong
if they mean "you must show us port numbers". But more fundamentally,
it says "a security solution deployed by a customer must not hide
information...". I don't think this document should be specifying that
sort of requirements for customer behavior.
this is a generic issue - we've been over this in relation to diffserv and
ipsec a number of times - I think the right language is something like