On 12/5/13 3:50 PM, ramki Krishnan wrote: >>>REQ2: (Page 8) > This should recommend some authorization mechanisms such as md5 checksum.
I agree with your other suggestions, but 1) I don't think a requirements document should be making specific technology recommendations, and 2) md5 provides some assurances about message integrity, but really has nothing to say about policy. In rereading the requirement I think it's actually not as clear as it could be although I think its intent is absolutely correct. I'd probably change the text to something along the lines of: "Before accepting a control packet, the device receiving the packet MUST verify that the device sending the request is authorized to make that request. This is a policy decision." Melinda _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
