On 02/18/2014 08:39 PM, Smith, Donald wrote:
> Just a nit initially.
> "This document
>    specifies a set of requirements for IPv6 firewalls, marked as
>    "mandatory", "recommended", or "optional"."
> 
> 
> That isn't the language we use.

FWIW, the plan is to change the requirements language to:

---- cut here ----
   In this document, the words that are used to define the significance
   of each particular requirement are capitalized.  These words are:

   o  "MUST" This word, or the words "REQUIRED" and "SHALL" mean that
      the item is an absolute requirement of the specification.

   o  "SHOULD" This word or the adjective "RECOMMENDED" means that there
      may exist valid reasons in particular circumstances to ignore this
      item, but the full implications should be understood and the case
      carefully weighed before choosing a different course.

   o  "MAY" This word or the adjective "OPTIONAL" means that this item
      is truly optional.  One vendor may choose to include the item
      because a particular marketplace requires it or because it
      enhances the product, for example; another vendor may omit the
      same item.

   A firewall implementation is a module that supports at least one of
   the feature types defined in this document.  Firewall implementations
   may support multiple feature types, but conformance is considered
   individually for each type.

   A firewall implementation is not compliant with a specific feature
   type if it fails to satisfy one or more of the MUST requirements of
   such specific feature type.  An implementation that satisfies all the
   MUST and all the SHOULD requirements of a specific feature is said to
   be "unconditionally compliant" with such feature type; one that
   satisfies all the MUST requirements but not all the SHOULD
   requirements is said to be "conditionally compliant" with such
   feature type.
---- cut here ----

So you may decide to implement one set of feature, but not another. e.g.
"This device is fully-compliant wit the general security requirements in
[fw-reqs], conditionally-compliant to the reporting requirements in
[fw-reqs]", etc.

(FWIW, this was partly borrowed from the firewalls performance
benchmarking rfc, and part from some other rfc)

Thanks!

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec

Reply via email to