Gorsic, Bonnie L wrote: > It seems that policy should be scenario / use case / mission dependent, > and consequently apply to a number of applications. (And thus be > application independent). > it's normal for policy to be different from one application to another. some applications are permitted by policy, others are forbidden, others are permitted with restrictions. also, it is difficult to generalize policy specification to the point that it can be independent of all applications, because sometimes there is a subtle interaction between policy and the application. for example, many sites have mail filtering policies that hinge on subtleties of SMTP protocol responses and DNS query results. it doesn't make sense to try to specify those in an application-independent fashion. that said, a coarse specification of policy that could be applied to some applications would still be useful. Keith _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf