(as individual)
Hi,
I'm mostly leaving this to Steve, but I do want to touch on one of the
comments, below:
On 4 Aug 2015, at 7:23, Steve Donovan wrote:
Appendix C.5:
C.5. No New Vulnerabilities
The working group believes that DOIC is compliant with the
requirement to avoid introducing new vulnerabilities. However, this
requirement may warrant an early security expert review.
Hmm! I fear that it would difficult to consider this draft 'ready'
if there is no reasonable consensus that it hasn't introduced any new
vulnerabilities. Has the security expert review actually happened?
SRD> No, a security expert review has not happened, other then
Stephen's review.
Also, the point of the statement that the "working group believes..." is
to show working group consensus. The early review mention was merely to
try to be extra diligent. And while an _early_ review didn't happen, I
think the fact that Stephen is now the responsible AD serves a similar
purpose.
Thanks!
Ben.
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
