> is vulnerability and threat analysis part of the standardization
> process ??
RFCs 2251-2256, which specify LDAPv3, carry a stern warning up front that
that these documents lack a standard mandatory-to-implement strong
authentication method, hence limiting the applicability of the protocol
(ho
[Apologies in advance for the use of this distribution list,
I need to ensure that I cover as many work areas as possible]
That said, I wanted to ask if folks that are aware of real uses
for "directed broadcasts" in networks today could let me know of
the use. I'm aware of a few (e.g. the Mobi
At 17:02 29.05.2000 +, Dawson, Peter D wrote:
>is vulnerability and threat analysis part of the
>standardization process ??
Yes.
RFC 2223, "Instructions to RFC authors", section 9.
See also RFC 2316, "Report from the IAB security workshop", section 9,
which gives further guidance.
Eric Thomas has helped me start a mailing list on legal
control of the Internet.
The NETLAW mailing list is open for discussion of which
laws and which kind of legal control of the Internet is
wanted or not wanted. Should Internet service providers
help the police? Should we rather use self-contr
Peter - for the last few years the IESG has required IETF working groups
to have meaningful Security Considerations sections in standards
track RFCs - these must include a threat and security analysis
Scott
> is vulnerability and threat analysis part of the
> standardization process ??
yes.
->-Original Message-
->From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]]
->Sent: Monday, May 29, 2000 1:56 PM
->To: Dawson, Peter D
->Cc: [EMAIL PROTECTED]
->Subject: Re: Storage over Ethernet/IP
->
->
->In message
-><[EMAIL PROTECTED]>,
->"Dawson, Peter D" writes:
->>
->>
->>->
In message <[EMAIL PROTECTED]>,
"Dawson, Peter D" writes:
>
>
>->-Original Message-
>->From: Harald Tveit Alvestrand [mailto:[EMAIL PROTECTED]]
>->Sent: Friday, May 26, 2000 6:27 PM
>->To: [EMAIL PROTECTED]
>->Cc: [EMAIL PROTECTED]
>->Subject: RE: Storage over Ethernet/IP
>
>->The point
->-Original Message-
->From: Harald Tveit Alvestrand [mailto:[EMAIL PROTECTED]]
->Sent: Friday, May 26, 2000 6:27 PM
->To: [EMAIL PROTECTED]
->Cc: [EMAIL PROTECTED]
->Subject: RE: Storage over Ethernet/IP
->The point being made, remade and made again here is:
->- Any protocol that offe