[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TMOC Liaison - Security Management System (TMOC Issue 56)
On Feb 3, 2005, at 16:59, Wijnen, Bert (Bert) wrote:
I am already sending a response that their references to the SNMP RFCs
are VEYR VERY outdated. I have not look at this in detail.
Not just those references. They have some seriously out of date
references scattered all over the place. Here are some other examples
of outdated references found in < 2 minutes of glance:
RFC-793 is not the latest word on TCP. A number of other RFCs
are now required of all modern implementations, but are not listed.
The POSIX documents are both drafts from IEEE 1003, not from USG.
TCSEC has been replaced twice already (first by ITSEC, more
recently by the ISO Common Criteria + various security profile
documents).
For Kerberos, they cite an ancient MIT document, rather than the
reasonably current IETF standards-track RFCs.
For SSH, they cite known-insecure old versions rather than the
work from the IETF SECSH WG.
There is a lot of opportunity for them to revisit and correct their list
of references.
Yours,
Ran
rja@extremenetworks.com
Disclaimer: Employed by, but not speaking for, Extreme Networks.