Re: [Fwd: new draft (draft-arsenault-sacred-reqs-00.txt)]

[Stephen Farrell <stephen.farrell@xxxxxxxxxxxx>]

Hi Dale,

> I suggest replacing the last four paragraphs
> of this section with something like ...

Ahh, suggested text - great! (Looks good too.)

> The credential format, the download and upload protocols, and the credential 
> storage device’s unique capabilities may be highly interrelated in some cases.  
> Shouldn't we say something about that in this section ?

Agreed. But before we know what to say, we first need to figure out 
if we've consensus that credentials are regarded (by the protocol) as
octet strings or whether the credential structure is "exposed" in the
protocol. *If* we can keep knowledge of the credential structure in 
the client, then I don't think we need to bother with it in the 
protocol or credential server. Personally, I'm not sure. 

> > 5. Security Considerations
> 
> This entire document is about security.

Hmm. Doesn't that generate general scoffing at the SAAG every now
and then? Some of the more interesting text I've seen in these
recently has been about d-o-s attacks, which tends not to fit
elsewhere.

Stephen.

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 647 7406
61 Fitzwilliam Lane,                    fax: +353 1 647 7499
Dublin 2.                mailto:stephen.farrell@xxxxxxxxxxxx
Ireland                             http://www.baltimore.com