I have two comments.

1) I do not see this document as a BCP. Despite the inclusion of the boilerplate, there is not a single MUST in the document. I have no objection to an Informational RFC.

2) The document is really about transient identifiers. It does not only apply to ones that are numeric.

Russ

> On Dec 7, 2020, at 10:08 AM, The IESG <iesg-secretary@xxxxxxxx> wrote:
>
> The IESG has received a request from an individual submitter to consider the
> following document: - 'Security Considerations for Transient Numeric
> Identifiers Employed in Network Protocols'
> <draft-gont-numeric-ids-sec-considerations-06.txt> as Best Current Practice
>
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> last-call@xxxxxxxx mailing lists by 2021-01-04. Exceptionally, comments may
> be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning
> of the Subject line to allow automated sorting.
>
> Abstract
>
>    Poor selection of transient numerical identifiers in protocols such
>    as the TCP/IP suite has historically led to a number of attacks on
>    implementations, ranging from Denial of Service (DoS) to data
>    injection and information leakage that can be exploited by pervasive
>    monitoring. To prevent such flaws in future protocols and
>    implementations, this document updates RFC 3552, requiring future
>    RFCs to contain analysis of the security and privacy properties of
>    any transient numeric identifiers specified by the protocol.