Melinda,
One advantage of having a single "Security Requirements" draft at this
point is because
of the current goals of the working group - i.e. - to determine:
o What the problem is that the WG would like to see solved
o What the background/environment is in which the solution(s)
need to work
o What the requirements are to accomplish this, and
o What is missing.
As the editor of the "what is missing" draft, I find having a single
security requirements
draft that defines the over-arching security needs in the problem space greatly
superior to the
potential for a "security considerations" section in each of the other
requirements drafts that
cannot really say much beyond "solutions intended to address the requirements
defined in
this document must include appropriate security considerations specific to the
solution(s) they
provide."
We don't want to use solutions documents that describe the security
considerations
that apply to the solutions to determine what the security requirements are for
the problem.
There is a difference between "Security Requirements" and "Security
Considerations"
as well. They may sound similar, but they are not.
Once the WG is re-chartered to provide specific solutions, the prior
existence of a
"security requirements" document should provide an excellent guide to the folks
writing the
"security considerations" sections of solution documents as to at least the
high-level items to
discuss.
I doubt that anyone is proposing the existence of a security
requirements document
will excuse writers of other documents from including appropriate security
considerations
specific to what their document(s) propose.
--
Eric
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Melinda
Shore
Sent: Friday, August 23, 2013 1:22 PM
To: [email protected]
Subject: Re: [nvo3] Poll for WG adoption of
draft-hartman-nvo3-security-requirements-01
On 8/23/13 7:22 AM, Bocci, Matthew (Matthew) wrote:
> This email begins a two week poll to help the chairs determine if
> there is consensus to adopt
> draft-hartman-nvo3-security-requirements-01.txt as an NVO3 working group
> draft.
What's the reason for not incorporating this material into the other
requirements drafts? I think that the text is a good start but I am generally
not that enthusiastic about moving security issues into separate documents
unless there's a compelling reason.
Melinda
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
