[Re: Internet Security Guidelines I-D FROM: Steve Kent]
James M Galvin <galvin@tis.com> Fri, 21 June 1991 13:13 UTC
Received: from nri.reston.va.us by NRI.NRI.Reston.VA.US id aa06582; 21 Jun 91 9:13 EDT
Received: from TIS.COM by NRI.NRI.Reston.VA.US id aa06525; 21 Jun 91 9:09 EDT
Received: from TIS.COM by TIS.COM (4.1/SUN-5.64) id AA03932; Fri, 21 Jun 91 09:11:07 EDT
Message-Id: <9106211311.AA03932@TIS.COM>
Reply-To: James M Galvin <galvin@tis.com>
To: Security Policy Working Group <spwg@NRI.Reston.VA.US>
Cc: saag@tis.com
Subject: [Re: Internet Security Guidelines I-D FROM: Steve Kent]
Date: Fri, 21 Jun 1991 09:11:05 -0400
From: James M Galvin <galvin@tis.com>
For completeness. Jim ------- Forwarded Message Message-ID: <9106202242.AA23633@venera.isi.edu> From: Steve Kent <kent@BBN.COM> To: Craig Partridge <craig@sics.se> cc: iab@ISI.EDU, ietf@ISI.EDU Date: Thu, 20 Jun 91 18:33:25 -0400 Subject: Re: Internet Security Guidelines I-D Craig, First, let me observe that the part of the policy guidelines that caught your attention is one which I did not significantly change, i.e., your objection was equally valid with regard to the text approved by the IESG and sent to the IAB. So, your comment should be viewed as indicative of an oversight in the course of the prior IESG review, not a comment about a revision as sent to the IESG by the IAB. Second, I agree with your concern, but note that the first item in the Appendix of the document explicitly mentions site responsibility for making local security policy known, I quote from the original ID: "(i) There must be a clear statement of the local security policy, and this policy must be communicated to the users and other relevant parties. The policy should be on file and available to users at all times, and should be communicated to users as part of providing access to the system." So, the question may be whether this warrents inclusion in one of the top level guidelines as you suggest, or whether the discussion in the Appendix suffices. I have no objection to making this consideration more prominent, but I'll leave it to the original authors to perform the next round of edits. Steve ------- End of Forwarded Message
- [Re: Internet Security Guidelines I-D FROM: Steveā¦ James M Galvin