Joel Jaeggli wrote:
Keith Moore wrote:
Marshall Eubanks wrote:
If I am reading this correctly the UK Centre for the Protection of
National Infrastructure
wants the IETF (or some other body) to produce a "companion document to
the IETF specifications that discusses the security aspects and
implications of the protocols, identifies the existing vulnerabilities,
discusses the possible countermeasures, and analyses their respective
effectiveness."
It's difficult to imagine that these things could be adequately captured
in a static document, for TCP or any other protocol, because new threats
and countermeasures continue to be identified decades after the base
protocol is well-settled. Maybe something like an expanded version of
the RFC Editor's errata pages would be more appropriate?
One might imagine an informational document which was routinely
obsoleted by future iterations. Keeping it tractable is a product of
necessarily limiting the scope.
I fear that our RFC approval and publication process has become so
onerous that it imposes a significant barrier for dissemination of such
information.
Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf