On Thu, 2007-08-23 at 06:15 -0600, Mark A. Carlson wrote:
> I agree with Darren here. A tool to obscure SMF stored passwords (or
> CHAP secrets in the case of iSCSI) needs to be a separate project that
> these other cases can depend on.
Do you want to delay shipping NDMP due to this case dependency until
this currently-unfunded project appears? I don't think that's
acceptable.
We had the opportunity to TCR 2007/177 so that it could have been that
case, but as far as I can tell I was the only one at the time who wanted
to push the obfuscation/encryption into SMF. So the 2007/177 draft
opinion says that it is up to applications on top of SMF to add
additional protections required by the password-storage policy.
> Let's let this case go, or vote.
I believe it would be premature to vote without giving the security SWG
an opportunity to revise or clarify their policy because the way I read
the policy we're supposed to be enforcing I don't feel we have the
freedom to vote to approve.
I don't believe that it makes sense to continue to grant exemptions here
when it's merely inconvenient for the project team to comply; it would
be better to abolish the policy.
- Bill
