Re: draft-murchison-lmtp-ignorequota-01

2001-08-31 11:35:43

--On Friday, August 31, 2001 13:07 -0400 Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
No problem - can whoever ends up doing the RFC make sure to include
that in the 'Security Considerations' section (or maybe even go so far as
to only allow passing LDAP key/value pairs if other means have been used
to authenticate the submitter)?

Of course.  That's why we have a security considerations section.

Ned knows how to use the building blocks, Chris knows how, Larry knows
how, people keep claiming I know how - but I can think of a number of
vendors that *will* get it wrong unless they're specifically told "Here,
use one of these 3 blocks - don't use the green ones though, they need
purple ones too to make them fit..."

Unfortunately, the people who tend to get it wrong tend to be the same people who don't read the security considerations section. While I definitely support good security consideration sections describing fairly concrete scenarios, we can't go so far as to explain how to build a secure computer system in every RFC.

                - Chris

