Re: Method of Contact - Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I would love to see comment on these 2 key questions:

(1) >   * The proposed mechanism for reporting a vulnerability.

When I originally thought about this I was concerned at the default to use email, acknowledging that this is something with which most IETF participants are quite comfortable. I wondered if it might be better to specify that a web interface was the reporting method, which would automatically generate a report ID number on submission that a bug reporter could use for their reference later on. In contrast, an email may not arrive or may be delayed and automatically generating an acknowledgement response with a ticket/tracking number would rely on an additional system that may have communications issues with the email system.

It seems like a web-based reporting system may also provide a better level of security protection by encrypting the channel & contents of the communication vs. less secure email.

(2) >  * What the email address should be for reports to be sent to.

@Jay - Can you list the options being considered here to help aid the discussion?

Thanks
Jason







[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux