[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
iesg comments on draft-ietf-grip-prot-evidence-04.txt
comment on the latest
> draft-ietf-grip-prot-evidence-04.txt, which is in the i-d directory,
> addresses the iesg comments as appended.
> this seems to be the one point the authors don't feel it necessary to
> address. while they say "not necessary" i wonder if it is really that
> any such list would be platform-biased and a bit ephemeral.
They write in the draft:
> Where feasible you should consider generating checksums and
> cryptographically signing the collected evidence, as this may make it
> easier to preserve a strong chain of evidence. In doing so you must
> not alter the evidence.
In section 5 they have examples of tools (e.g. ps and gdb, so they're
not averse to platform-bias in examples) to accomplish many of their
recommendations. Unless the Coroner's Toolkit helps with signing the
evidence, there is no example given of a summing or signing tool. The
only reason I think this is important is because it's a potential
instance of giving practical advice about security tools...
any chace we could relax here?