Thanks for review ... just wanted to respond to one point in this.
On Jun 3, 2009, at 4:47 PM, Spencer Dawkins wrote:
C5. User Identity Protection: The location URI MUST NOT contain
information that identifies the user or device. Examples include
phone extensions, badge numbers, first or last names.
Spencer (minor): this is probably a good idea, but I'm not sure it's
a 2119 MUST (NOT). How would you recognize this on the wire (do you
know what MY badge number is :-)?
There is the age old discussion about what 2119 means in a requirement
document, but I'm trying to ignore that and just go with how well this
conveys the intent of the WG to future readers. I agree we could not
really black box test this but I think it does get to the essence of
what the requirement is. Even last names might be hard to tell they
are a last name, I hear rumor that google thinks Tschofenig is a
strong password though I note is is a very common word to find in
internet drafts :-)
Anyways, I can't think of a better way to write this requirement so
unless someone has a concrete proposal, I suspect I will just leave as
is.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf