Steve,
Quoting Stephen Hanna <shanna(_at_)juniper(_dot_)net>:
Thanks for your response, Ken.
Removing the last sentence that you quoted would make things worse.
Readers of this draft should definitely familiarize themselves with
the security considerations related to priority. We should make that
easier, not harder. The fact that those considerations also apply to
other RFCs does not remove the fact that they apply to this one also.
but those considerations do not directly apply to DIAMETER.
You cannot publish a document whose security considerations section
says (as this one effectively does today), "There are lots of security
considerations related to this document. To understand them, please
dig through all the referenced documents and figure it out yourself."
Doing that digging and analysis is the job of the document editors.
agreed, speaking in the general sense. But again, the security
considerations of these other protocols do not apply to the operation
of Diameter.
In order to ease the burden on you, I think a reasonable compromise
would be for YOU to review the documents referenced and decide which
have the most relevant security considerations. Then you could list
those explicitly in the last paragraph of the Security Considerations.
I'm concerned about the implications of your recommendation. If we
extend this position to other work in the IETF, then efforts like
defining MIBs would mean that each MIB draft would need to perform a
security considerations analysis of each protocol that an objects
refers to in the context of SNMP. And one can extend the argument
that each protocol operating on top of TCP (and/or UDP) and IP would
need to perform an analysis on how TCP/UDP and IP may affect the upper
layer protocol. We don't do that today.
cheers,
-ken
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf