On 17/12/20 23:35, Joseph Touch wrote:
On Dec 17, 2020, at 5:58 PM, Fernando Gont <fgont@xxxxxxxxxxxxxxx
<mailto:fgont@xxxxxxxxxxxxxxx>> wrote:
What we mean is:
#1: Spell out the interop req. i.e., tell us the properties that the
IDs must have. -- we want to know the minium requirements the IDs need
to comply to.
#2: Analyze the possible implications of such IDs.
#3: If you found any possible issues in #2, just suggest something to
the implementer that complies with #1 and deals gracefully with #2.
That would be the topic of a document on “Specifying the
interoperability requirements of generated IDs in protocols”.
That is not the title of this document; the difference between the two
is where we disagree.
Clearly not.
There's no single advice in this document on how to specifiy
interoperability requirements for numeric IDs.
The goal is to do a security analysis. Folks writing a spec are expected
to know how to do #1. We ask that #1 is spelled out clearly, because
that a "must have" to do #2, and also to review such analysis. And when
you do #2, you may have to do #3 if issues are found.
-- the kind of stuff you do in security considerations nowadays.
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
