OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Updated: (MQTT-132) Normative references in chapter 5.

     [ http://tools.oasis-open.org/issues/browse/MQTT-132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Banks updated MQTT-132:
------------------------------

    Component/s: edits
                     (was: core)

> Normative references in chapter 5. 
> -----------------------------------
>
>                 Key: MQTT-132
>                 URL: http://tools.oasis-open.org/issues/browse/MQTT-132
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Bug
>          Components: edits
>    Affects Versions: 3.1.1
>            Reporter: Peter Niblett
>
> Public Review Draft 1, Section 1.2 includes  the following references as  "Normative References":
> [AES]  Advanced Encryption Standard (AES) (FIPS PUB 197). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
> [DES] Data Encryption Standard (DES). http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
> [PCIDSS] PCI SSC Data Security Standards. https://www.pcisecuritystandards.org/security_standards/
> [SARBANES] Sarbanes-Oxley Act of 2002. Corporate responsibility.  http://www.gpo.gov/fdsys/pkg/PLAW-107publ204/html/PLAW-107publ204.htm
> [USEUSAFEHARB]  U.S.-EU Safe Harbor  http://export.gov/safeharbor/eu/eg_main_018365.asp
> I'm not disputing the value of these references, however OASIS defines a Normative Reference as 
> "a reference in a Standards Track Work Product to an external document or resource with which the implementer must comply, in order to comply with a Normative Portion of the Work Product."
> I can't see a Normative Portion of a Work Product  that relates to any of these references. 
> 1. [AES] and [DES] are only referenced in 5.2, which is marked as non-normative. The sentence in question is "Advanced Encryption Standard [AES] and Data Encryption Standard [DES] are widely adopted."
> 2. The other three are referenced in the first part of 5 which is marked as normative, but the sentence doesn't look particularly normative to me..
> "In addition to technical security issues there may also be geographic (e.g., European SafeHarbour [USEUSAFEHARB] ), industry specific (e.g., PCI DSS [PCIDSS]) and regulatory considerations (e.g., Sarbanes-Oxley [SARBANES] )."

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]