OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Created: (MQTT-132) Normative references in chapter 5.

Normative references in chapter 5. 
-----------------------------------

                 Key: MQTT-132
                 URL: http://tools.oasis-open.org/issues/browse/MQTT-132
             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
          Issue Type: Bug
          Components: core
    Affects Versions: 3.1.1
            Reporter: Peter Niblett


Public Review Draft 1, Section 1.2 includes  the following references as  "Normative References":

[AES]  Advanced Encryption Standard (AES) (FIPS PUB 197). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[DES] Data Encryption Standard (DES). http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
[PCIDSS] PCI SSC Data Security Standards. https://www.pcisecuritystandards.org/security_standards/
[SARBANES] Sarbanes-Oxley Act of 2002. Corporate responsibility.  http://www.gpo.gov/fdsys/pkg/PLAW-107publ204/html/PLAW-107publ204.htm
[USEUSAFEHARB]  U.S.-EU Safe Harbor  http://export.gov/safeharbor/eu/eg_main_018365.asp

I'm not disputing the value of these references, however OASIS defines a Normative Reference as 

"a reference in a Standards Track Work Product to an external document or resource with which the implementer must comply, in order to comply with a Normative Portion of the Work Product."

I can't see a Normative Portion of a Work Product  that relates to any of these references. 

1. [AES] and [DES] are only referenced in 5.2, which is marked as non-normative. The sentence in question is "Advanced Encryption Standard [AES] and Data Encryption Standard [DES] are widely adopted."
2. The other three are referenced in the first part of 5 which is marked as normative, but the sentence doesn't look particularly normative to me..
"In addition to technical security issues there may also be geographic (e.g., European SafeHarbour [USEUSAFEHARB] ), industry specific (e.g., PCI DSS [PCIDSS]) and regulatory considerations (e.g., Sarbanes-Oxley [SARBANES] )."









-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]