[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: authmeth question: definition of "sensitive"
RHARRISON@novell.com said:
> Section 2 paragaph 1 defines "sensitive" as "data that will cause real
> damage to the owner if revealed."
> I propose that we change this
> definition to conform to the RECOMMENDED definition in RFC 2828
> (Internet Security Glossary): Information is sensitive if disclosure,
> alteration, destruction, or loss of the information would adversely
> affect the interests or business of its owner or user.
I think this is fine, and..
> In general, I
> would like to ensure that our usage of security related terms in the
> authmeth draft conforms closely to the recommended definitions in RFC
> 2828.
..I think this general rule-of-thumb is also good.
In addition, when someone comes across the need to define a term that's not
already in RFC 2828, they should submit a comment on 2828 to the SAAG list:
saag@lists.tislabs.com
JeffH