[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OPS-AREA] Issue 3: replacement boilerplate formanagementobjectsensitivity

I support the separation the texts and lists of writeable and readable
(only) objects. I believe that this variant works better. 

Dan

(speaking as contributor) 

> -----Original Message-----
> From: ops-area-bounces at ietf.org 
> [mailto:ops-area-bounces at ietf.org] On Behalf Of David Harrington
> Sent: Wednesday, February 04, 2009 8:28 PM
> To: 'Randy Presuhn'; 'ops-area (IETF)'
> Subject: Re: [OPS-AREA] Issue 3: replacement boilerplate 
> formanagementobjectsensitivity
> 
> Hi,
> 
> > I prefer the approach of the old text, which split the information 
> > elements according to concern (modification or mere exposure),
> 
> So would this work better?
> 
> -- include this paragraph if the management information can 
> be created, deleted, or modified:
> 
>    Some management information defined in this document can 
> be created, deleted, or modified by one or more management protocols.
> Unauthorized or inappropriate modification could have a 
> negative effect on network operations or security. 
> 
>     <list the sensitive information elements and state why 
> they are sensitive to modification>
> 
> -- include the following in all documents that define management
> information:
> 
>    The management information defined in this document can be 
> considered sensitive or lead to network vulnerabilities in 
> some environments. It is important to control access to this 
> information and possibly to encrypt the information when 
> sending the information over a network using a management 
> protocol, to prevent unauthorized or inappropriate exposure 
> of this information. 
> 
> Following is a list of the potentially sensitive information, 
> and why this information is sensitive:
> 
>     <list the sensitive information elements and state why 
> they are sensitive to exposure>
>  
> 
> dbh
> 
> > -----Original Message-----
> > From: ops-area-bounces at ietf.org
> > [mailto:ops-area-bounces at ietf.org] On Behalf Of Randy Presuhn
> > Sent: Wednesday, February 04, 2009 1:17 PM
> > To: 'ops-area (IETF)'
> > Subject: Re: [OPS-AREA] Issue 3: replacement boilerplate for 
> > managementobjectsensitivity
> > 
> > Hi -
> > 
> > > From: "David Harrington" <ietfdbh at comcast.net>
> > > To: "'ops-area (IETF)'" <ops-area at ietf.org>
> > > Sent: Wednesday, February 04, 2009 7:47 AM
> > > Subject: [OPS-AREA] Issue 3: replacement boilerplate for
> > management objectsensitivity
> > ...
> > > NEW:
> > ...
> > > Following is a list of the potentially sensitive
> > information, and why
> > > this information is sensitive:
> > > 
> > >     <list the sensitive information elements and state why they
> are
> > > sensitive to modification and exposure>
> > ...
> > 
> > I prefer the approach of the old text, which split the information 
> > elements according to concern (modification or mere 
> exposure), rather 
> > than lumping everything together like this, since 
> separating them may
> help
> > in security policy formulation and sanity checking.
> > 
> > Randy
> > 
> > _______________________________________________
> > OPS-AREA mailing list
> > OPS-AREA at ietf.org
> > https://www.ietf.org/mailman/listinfo/ops-area
> > 
> 
> _______________________________________________
> OPS-AREA mailing list
> OPS-AREA at ietf.org
> https://www.ietf.org/mailman/listinfo/ops-area
>