Re: [Last-Call] Last Call: <draft-ietf-uuidrev-rfc4122bis-08.txt> (Universally Unique IDentifiers (UUID)) to Proposed Standard

Tim Hollebeek <tim.hollebeek=40digicert.com@xxxxxxxxxxxxxx> wrote:
    > I think the document would be vastly improved if the security
    > considerations section were expanded to list a variety of
    > security-relevant properties (for example, guaranteed uniqueness), and
    > also an easy to read table showing which UUID generation methods do /
    > do not have the desired properties.  This would greatly assist
    > implementors who are looking for a UUID method / format that has the
    > properties they want, and would help security reviewers to be able to
    > quickly determine the properties (or lack thereof) of a certain kind of
    > UUID, and use that as input to a security analysis about how UUIDs are
    > used.

    > I would encourage the authors to think about whether they agree such a
    > summary of security properties would be helpful, and consider adding
    > it.

Thank you for these comments.

I think that you are looking for improvements to the SC section to basically
just recall (reference) all the things that we had previously said.
That might only be five or six sentences, once we have the right anchors in
place.

(speaking as WG co-chair)


--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide



