5. Derived Requirements
This section is incomplete, but was added in response to a specific
request. It makes sense to me because we're doing this before the WG
takes up the base and SSP drafts. To some extent we get to define
what's in the threat analysis document, so if there is consensus (and
agreement from the chairs) that we don't need this section, I'll make
it go away.
Well, I'm not so sure about that, since that section could be useful
later on.
The idea is that that section would contain whatever security (or
other I guess) requirements that we derive whilst doing the threat
analysis. Then when we're about at last call on the standards track
documents, we can check back and see if that document meets the
relevant requirements derived from the threat analysis. If it does,
fine. If not, then we should justify the divergence or fix something.
I'd personally rather we tried this and if it's not turning out to
be useful (i.e. if we can't fairly easily derive some testable
requirements) then at that point we can delete the section or put
in some text as to why we're not deriving requirements.
Stephen.
PS: The charter does say we'll do/try this too.
_______________________________________________
ietf-dkim mailing list
http://dkim.org