On 02/11/2021 04:26 AM, Daniel Migault wrote:

> 
> OLD: section 6.2
>  "Profiles MUST specify how communication security according
>    to the requirements in Section 5 is provided."
> NEW:
> section 6.2 is focused on security but the security requirements are
> provided in section 5. We may simply remove this sentence.
> 
> OLD section 5.
> "Profiles MUST specify a communication security protocol that provides
>    the features required above."
> NEW:
> Profiles MUST provide some recommendation on protocols used to establish
> these communications.
> These communications MUST meet these security requirements. As
> communications meeting these requirements may be established in multiple
> ways, profiles MUST provide some recommendations so as to favor
> interoperability. In most cases the recommendations aim at limiting the
> number of libraries the client has to support.
> 

The reason that this requirement on the profiles was included in the
framework is that the framework itself does not specify how
communication security is provided. For the security of the solution it
is important that the profiles fill this gap. I think that it is
important to emphasize this security requirement. I therefore prefer
Goeran's proposals:

Proposal 1 (Section 6.2):
OLD
  "Profiles MUST specify how communication security according
   to the requirements in Section 5 is provided."
NEW
"The requirements for communication security of profiles are specified
in Section 5."

Proposal 2 (Section 5):
OLD
"Profiles MUST specify a communication security protocol that provides
   the features required above."
NEW
"Profiles MUST specify at least one communication security protocol that
provides the features required above."


Best regards
Steffi

_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
