Re: Fwd: Security Assessment of the Transmission Control Protocol (TCP)

From: Joel Jaeggli <joelja at bogus.com>
To: Keith Moore <moore at network-heretics.com>
Cc: opsec wg mailing list <opsec at ietf.org>, IETF discussion list <ietf at ietf.org>
Date: Fri, 13 Feb 2009 19:27:16 -0800
In-reply-to: <49961BDB.9030905 at network-heretics.com>
References: <4994A4EB.5030607 at gmail.com> <0B030ADA-F621-4FDF-9CAF-23A27C16E26B at multicasttech.com> <49961BDB.9030905 at network-heretics.com>

Keith Moore wrote:
> Marshall Eubanks wrote:
>> If I am reading this correctly the UK Centre for the Protection of
>> National Infrastructure
>> wants the IETF (or some other body) to produce a "companion document to
>> the IETF specifications that discusses the security aspects and
>> implications of the protocols, identifies the existing vulnerabilities,
>> discusses the possible countermeasures, and analyses their respective
>> effectiveness."
> 
> It's difficult to imagine that these things could be adequately captured
> in a static document, for TCP or any other protocol, because new threats
> and countermeasures continue to be identified decades after the base
> protocol is well-settled.  Maybe something like an expanded version of
> the RFC Editor's errata pages would be more appropriate?

One might imagine an informational document which was routinely
obsoleted by future iterations. Keeping it tractable is a product of
necessarily limiting the scope.

> _______________________________________________
> Ietf mailing list
> Ietf at ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>

Follow-Ups:
- Re: Fwd: Security Assessment of the Transmission Control Protocol (TCP)
  - From: TSG
- Re: Fwd: Security Assessment of the Transmission Control Protocol (TCP)
  - From: Keith Moore

References:
- Fwd: Security Assessment of the Transmission Control Protocol (TCP)
  - From: Marshall Eubanks
- Re: Fwd: Security Assessment of the Transmission Control Protocol (TCP)
  - From: Keith Moore

Prev by Date: RE: References to Redphone's "patent"
Next by Date: Re: How we got here, RE: References to Redphone's "patent"
Previous by thread: Re: Fwd: Security Assessment of the Transmission Control Protocol (TCP)
Next by thread: Re: Fwd: Security Assessment of the Transmission Control Protocol (TCP)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Fwd: Security Assessment of the Transmission Control Protocol (TCP)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.