Section 2 paragaph 1 defines "sensitive" as "data that will
cause real damage to the owner if revealed."
I propose that we change this definition to conform to the
RECOMMENDED definition in RFC 2828 (Internet Security Glossary): Information is
sensitive if disclosure, alteration, destruction, or loss of the information
would adversely affect the interests or business of its owner or
user.
In general, I would like to ensure that our usage of security
related terms in the authmeth draft conforms closely to the recommended
definitions in RFC 2828.
Your comments on either or both of these
proposals?
Roger
|