On 02/18/2014 08:39 PM, Smith, Donald wrote:
> Just a nit initially.
> "This document
> specifies a set of requirements for IPv6 firewalls, marked as
> "mandatory", "recommended", or "optional"."
>
>
> That isn't the language we use.
FWIW, the plan is to change the requirements language to:

---- cut here ----
In this document, the words that are used to define the significance
of each particular requirement are capitalized. These words are:

o "MUST" This word, or the words "REQUIRED" and "SHALL" mean that
the item is an absolute requirement of the specification.

o "SHOULD" This word or the adjective "RECOMMENDED" means that there
may exist valid reasons in particular circumstances to ignore this
item, but the full implications should be understood and the case
carefully weighed before choosing a different course.

o "MAY" This word or the adjective "OPTIONAL" means that this item
is truly optional. One vendor may choose to include the item
because a particular marketplace requires it or because it
enhances the product, for example; another vendor may omit the
same item.

A firewall implementation is a module that supports at least one of
the feature types defined in this document. Firewall implementations
may support multiple feature types, but conformance is considered
individually for each type.

A firewall implementation is not compliant with a specific feature
type if it fails to satisfy one or more of the MUST requirements of
such specific feature type. An implementation that satisfies all the
MUST and all the SHOULD requirements of a specific feature is said to
be "unconditionally compliant" with such feature type; one that
satisfies all the MUST requirements but not all the SHOULD
requirements is said to be "conditionally compliant" with such
feature type.
---- cut here ----
So you may decide to implement one set of features, but not another. e.g.
"This device is fully-compliant with the general security requirements in
[fw-reqs], conditionally-compliant to the reporting requirements in
[fw-reqs]", etc.
(FWIW, this was partly borrowed from the firewalls performance
benchmarking RFC, and part from some other RFC)
Thanks!
Cheers,
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec