[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Evaluation: draft-ietf-smime-x400wrap - Securing X.400 Content with S/MIME to Proposed Standard
In message <200306021541.LAA12458@ietf.org>, IESG Secretary writes:
>
>Last Call to expire on: November 20, 2001
>
> Please return the full line with your position.
>
> Yes No-Objection Discuss * Abstain
>
>Steve Bellovin [ ] [ ] [ X ] [ ]
The Security Considerations section of both documents is inadequate.
(The phrase "the entire document is about security" is almost as bad as
"security is not discussed".) Are there new security issues raised by
this? If so, outline them. If not, say that, explicitly. The
pointers to the other documents are fine. If the new text is simple
enough, it can be inserted via an RFC Editor's note.
Why isn't AES listed, at least as a SHOULD?
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)