ietf
[Top] [All Lists]

Re: what is a threat analysis?

2005-08-10 14:30:47
 Date: 2005-08-10 15:41
 From: Michael Thomas <thomasm(_at_)cisco(_dot_)com>

Having a "threat analysis" was brought up at the plenary by Steve
Bellovin as being a Good Thing(tm).
[...]
So, if this is going to be yet another hoop that the IESG and IAB
sends working groups through like problem statements, requirements
documents and the like, I think it ought to be incumbent on
those people demanding such things to actually both agree and
document what it is that they are demanding.

See FYI 36 (a.k.a. RFC 2828) for the definition of threat analysis.

RFC 3552, "Guidelines for Writing RFC Text on Security Considerations",
may also be helpful (although it does not use the exact term "threat
analysis").  All RFCs must contain a Security Considerations section
(RFC 2223, section 9).

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf



<Prev in Thread] Current Thread [Next in Thread>