At 06:42 PM 5/30/02 -0400, Markus Hofmann wrote:
Graham Klyne wrote:
> I think that's OK if: (a) the callout processor can be trusted by
> the dispatcher to not save or distribute the information provided
> beyond the immediate requirements of processing, and
Yes (you probably refer to a "callout SERVER" whan talking about a
"callout PROCESSOR", right :)
Yes... the terminology isn't burned into my neural paths yet.
> (b) it is clear that the callout processor only performs
> transformations that are explicitly requested by the dispatcher.
Yes.
> Should that much be mentioned in security considerations?
I wouldn't have a problem with mentioning that, except maybe that it does
not directly relate to the protocol itself. I rather thought this would
have to be included either in the architecture draft or maybe better in
the "policy enforcement" document.
The possible protocol issue I see is that the protocol must communicate
(explicitly or implicitly) such information.
Aside from that, if it's mentioned somewhere else, I suppose it's
OK. (Maybe, in the longer term, it would help to collect the various
security considerations into one place and cite that from all the
documents? Security being more than just a sum-of-parts kind of matter.)
#g
-------------------
Graham Klyne
<GK(_at_)NineByNine(_dot_)org>