Re: Draft Security Policy
postel@venera.isi.edu Thu, 18 October 1990 03:00 UTC
Received: from venera.isi.edu by NRI.NRI.Reston.VA.US id aa16423; 17 Oct 90 23:00 EDT
Received: from bel.isi.edu by venera.isi.edu (5.61/5.61+local) id <AA02848>; Wed, 17 Oct 90 19:59:15 -0700
Date: Wed, 17 Oct 1990 16:15:11 -0700
From: postel@venera.isi.edu
Posted-Date: Wed, 17 Oct 90 16:15:11 PDT
Message-Id: <9010172315.AA10859@bel.isi.edu>
Received: by bel.isi.edu (4.1/4.0.3-4) id <AA10859>; Wed, 17 Oct 90 16:15:11 PDT
To: psrg-interest@venera.isi.edu, rdp@cert.sei.cmu.edu, saag@tis.com, spwg@NRI.Reston.VA.US, ssphwg@NRI.Reston.VA.US
Subject: Re: Draft Security Policy
Status: O
Rich: Hi. I see no evidience that the following comments were processed. I really am perplexed by the paragraph: Security is understood to include protection of the privacy of information, protection of information against unauthorized modification, protection of systems against denial of service, and protection of systems against unauthorized access or use. ["access" covers unauthorized database lookup, for example; "use" covers unauthorized logging in to a system.] I don't see where this "access" vs "use" distinction is made use of later, and i don't see any difference in the supposed definitions. --jon. Date: Tue, 9 Oct 90 15:08:00 PDT From: postel@ISI.EDU To: rdp@sei.cmu.edu Subject: re: revised security policy draft Cc: crocker@tis.com, iab@ISI.EDU, iesg@ISI.EDU Richard: 1) i dont quite understand "['access' covers unauthorized database lookup, for example; 'use' covers unauthorized logging into a system.]". Is a "database lookup" like (case 1) DNS query or a 'whois' query, or is it like (case 2) searching for citations in a bibliographic data base or looking up flights in the OAG ? I can't imagine how case 1 like queries could be unauthorized, and i think all case 2 queries are really examples of "use". 2) The appendix by James Van Bokkelen has already been published as RFC-1173. --jon.
- Draft Security Policy Richard Pethia
- Re: Draft Security Policy postel
- Re: Draft Security Policy Steven Blair
- Re: Draft Security Policy J Paul Holbrook
- Re: Draft Security Policy Steven Blair
- Re: Draft Security Policy Robert E. Van Cleef