Re: [Cbor] Secdir telechat review of draft-ietf-cbor-sequence-01


 



On Sep 25, 2019, at 16:12, Stephen Kent <stkent=40verizon.net@xxxxxxxxxxxxxx> wrote:
> 
> Carsten,
>> Hi Stephen,
>> 
>> thank you for this review.
>> 
>> On Sep 6, 2019, at 19:55, Stephen Kent via Datatracker <noreply@xxxxxxxx> wrote:
>>> The second paragraph of the Security Considerations section reminds the
>>> reader that decoders (parsers) ought to be designed with the understanding that
>>> inputs are untrusted - good advice. I'd be happier if the final sentence
>>> changed "must" to "MUST" to reinforce this admonition.
>> Here I have a question: It seemed to me that we generally try to avoid putting BCP14 keywords into security considerations sections - after all, the interoperability requirements should be handled in the actual protocol definition, not in the security considerations after the fact.
> I am not aware of the convention you mention re BCP 14 keywords in the Security Considerations section. I'm pretty confident that I have seen the use of such keywords in other SC sections in the past.
>> This MUST would be an implementation requirement.  Is this something we want to do in a security considerations section?  RFC 3552 appears to be silent about this.
> 
> I don’t think 3552 makes a statement on this topic either way.

Thank you, so I have submitted -02 with a MUST in the final sentence.

Grüße, Carsten





