Joel Jaeggli wrote: > Keith Moore wrote: >> Marshall Eubanks wrote: >>> If I am reading this correctly the UK Centre for the Protection of >>> National Infrastructure >>> wants the IETF (or some other body) to produce a "companion document to >>> the IETF specifications that discusses the security aspects and >>> implications of the protocols, identifies the existing vulnerabilities, >>> discusses the possible countermeasures, and analyses their respective >>> effectiveness." >> It's difficult to imagine that these things could be adequately captured >> in a static document, for TCP or any other protocol, because new threats >> and countermeasures continue to be identified decades after the base >> protocol is well-settled. Maybe something like an expanded version of >> the RFC Editor's errata pages would be more appropriate? > > One might imagine an informational document which was routinely > obsoleted by future iterations. Keeping it tractable is a product of > necessarily limiting the scope. I fear that our RFC approval and publication process has become so onerous that it imposes a significant barrier for dissemination of such information. Keith _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf