In the requirements phase, a separate security requirements draft is useful. I agree with Dacheng that it is important to consider the requirements for the whole system. If security requirements were dispersed, I'd be concerned that something would be missed.
That doesn't mean that security should be covered separately when we get to solutions documents.

Pat

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Melinda Shore
Sent: Wednesday, September 11, 2013 5:16 PM
To: [email protected]
Subject: Re: [nvo3] draft-hartman-nvo3-security-requirements

On 9/11/2013 10:14 AM, Zu Qiang wrote:
> First of all, I do agree that we may need a security requirement
> draft. But I don't think this draft is ready for WG adoption. At
> least my comments in this mail have not been addressed yet. I feel
> that there are subtle issues that have not been considered and I plan
> to expand on it in a draft which I'm working on.

I don't think that a separate security requirements draft is a good idea, for reasons I've touched upon before. That said, I also find your criteria for draft adoption overly stringent and not particularly consistent with how the IETF does business.

It is typically not the case that a draft needs to be publication-ready, or even very mature, for it to be adopted by a working group. It should be in the right general ballpark and have an editor who can be relied upon to record working group consensus in the document.

I think it would be fantastic if you and Dacheng got together and drew up some security requirements for inclusion in the requirements documents. Security requirements should not be considered outside the context of other protocol or operational requirements.

Melinda
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
