Joel Jaeggli wrote:
Keith Moore wrote:
Marshall Eubanks wrote:
If I am reading this correctly the UK Centre for the Protection of
National Infrastructure wants the IETF (or some other body) to produce
a "companion document to
the IETF specifications that discusses the security aspects and
implications of the protocols, identifies the existing vulnerabilities,
discusses the possible countermeasures, and analyses their respective
effectiveness."
It's difficult to imagine that these things could be adequately captured
in a static document, for TCP or any other protocol, because new threats
and countermeasures continue to be identified decades after the base
protocol is well-settled. Maybe something like an expanded version of
the RFC Editor's errata pages would be more appropriate?
One might imagine an informational document which was routinely
obsoleted by future iterations.
Unfortunately this isn't new information - the liabilities of IP have
been well identified and understood for years like the BGP4 flap as well.
What the IETF still seems to fail to grasp is that it is responsible for
its actions so its not taking security and the ability to produce
reliable evidence of anything over a network transport are key factors
and need to be built into any IETF endorsement that is issued in the
form of a standard or standards-track effort.
I also would suggest that the IETF be willing to support other protocols
besides IP based - hell XNS was way more secure than IP is by its very
design.
It's not that TCP/IP is bad - it's just that it wasn't designed as an
evidentiary-grade data transport and that is nowadays a real issue.
Keeping it tractable is a product of necessarily limiting the scope.
I don't think so. Building an analysis scope which is defined to meet
the evidence needs today would address this requirement and only need to
be updated periodically to meet those changing evidence models.
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf