Marshall Eubanks wrote: > If I am reading this correctly the UK Centre for the Protection of > National Infrastructure > wants the IETF (or some other body) to produce a "companion document to > the IETF specifications that discusses the security aspects and > implications of the protocols, identifies the existing vulnerabilities, > discusses the possible countermeasures, and analyses their respective > effectiveness." It's difficult to imagine that these things could be adequately captured in a static document, for TCP or any other protocol, because new threats and countermeasures continue to be identified decades after the base protocol is well-settled. Maybe something like an expanded version of the RFC Editor's errata pages would be more appropriate? _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf