re: Point of order re: Internet Security Guidelines I-D

Craig Partridge <craig@sics.se> Tue, 25 June 1991 13:15 UTC

Message-Id: <9106250625.AA26851@garuda.sics.se>
To: Stephen D Crocker <crocker@tis.com>
Cc: spwg@NRI.Reston.VA.US
Subject: re: Point of order re: Internet Security Guidelines I-D
From: Craig Partridge <craig@sics.se>
Date: Tue, 25 Jun 1991 08:25:40 +0200
Sender: craig@sics.se

Steve:
    
    OK - here's my two cents for spwg.  (Note that I don't have time to
actively get involved in spwg, and thus have not joined the mailing list.
I'm asking that folks keep me on the cc: list for any follow-up on this
particular topic).

    Following up on my note to Steve and his reply.  I believe that any
guidelines that expect individuals to conform to a set of policies should
also contain explicit requirements that the policies be conveyed to the
individuals.  And I don't think putting the requirement that organizations
circulate their policies in an Appendix, while placing the requirement on
users in the main text is appropriate.  It suggests that notification is
less important than conformance -- I don't believe conformance can be
achieved without proper notification.  I also believe that requiring
conformance without giving notification is fundamentally unfair.

Thanks!

Craig