IETF-SSH archive
Re: IESG feedback on core drafts.
On Friday, Mar 14, 2003, at 04:07 America/Montreal, Simon Tatham wrote:
> It might be worth mentioning explicitly that this is assuming the
> solution of a similar key-distribution problem to the one which lays
> SSH open to MITM in the first place!
Generally speaking, the goal of the Security Considerations section
ought to be to:
- describe residual risks from use of this protocol,
  including potential implementation flaws.
- describe methods by which those residual risks might be
  mitigated, if such methods exist.
- leave the reader of the document with a clear and accurate
  understanding of what the deployment risks are, so that
  an operator/user can make an informed decision about
  whether to deploy/use the technology in the RFC
IMHO,
Ran