Keith Moore wrote: > Marshall Eubanks wrote: >> If I am reading this correctly the UK Centre for the Protection of >> National Infrastructure >> wants the IETF (or some other body) to produce a "companion document to >> the IETF specifications that discusses the security aspects and >> implications of the protocols, identifies the existing vulnerabilities, >> discusses the possible countermeasures, and analyses their respective >> effectiveness." > > It's difficult to imagine that these things could be adequately captured > in a static document, for TCP or any other protocol, because new threats > and countermeasures continue to be identified decades after the base > protocol is well-settled. Maybe something like an expanded version of > the RFC Editor's errata pages would be more appropriate? One might imagine an informational document which was routinely obsoleted by future iterations. Keeping it tractable is a product of necessarily limiting the scope. > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf