On 11/1/05, Paul Hoffman <[EMAIL PROTECTED]> wrote:
At 10:43 AM -0500 11/1/05, Robert Sayre wrote:
>http://www.intertwingly.net/wiki/pie/PaceRemoveSecurityUnspecification
>
>== Abstract ==
>
>Remove security section that hasn't been specified over the past two years.
>
>== Rationale ==
>
>We're never going to populate this.
>
>== Proposal ==
>
>Remove Section 12.
>
>set Security Considerations as follows:
>
>"APP is subject to the security considerations of RFC2616 and RFC2617."
>
>== Notes ==
>
>CategoryProposals
Wearing my co-chair hat: This is not acceptable. The IETF demands
that every standards-track document has a Security Considerations
section, and stub-only security considerations sections *always* get
the document rejected by the IESG until more information is added.
There is no good reason to remove it now in order to delay the
document progress later.
We are not required to write full descriptions of attacks in
protocols or protocol elements that we use, but we *are* required to
list at least the larger known issues in the protocols or protocol
elements that we use.
The current wording in -06 is probably sufficient to not look too
stubby. The first TBD is not needed, given the paragraph above it.
The second TBD can be expanded into a sentence.
--Paul Hoffman, Director
--Internet Mail Consortium
--
- James Snell
http://www.snellspace.com
[EMAIL PROTECTED]
