ietf
[Top] [All Lists]

Re: Error in Security Considerations in an RFC

2010-03-14 12:10:31

I sense from the earlier comments that there may be hesitation to
document the flaw for fear that such documentation would facilitate
exploitation before remediation is in place.

It that is a possiblity, public documentation should wait until some form
of private peer review can occur. I'm not speaking beyond my experience,
by my impression is that CERT provides a mechanism for recording these
sorts of issues allowing for review, etc.

My second suggestion, if the flaw is known to be implemented in released 
software, contact the security departments of the distributors of such
software.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf