Re: Error in Security Considerations in an RFC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I sense from the earlier comments that there may be hesitation to
document the flaw for fear that such documentation would facilitate
exploitation before remediation is in place.

It that is a possiblity, public documentation should wait until some form
of private peer review can occur. I'm not speaking beyond my experience,
by my impression is that CERT provides a mechanism for recording these
sorts of issues allowing for review, etc.

My second suggestion, if the flaw is known to be implemented in released 
software, contact the security departments of the distributors of such
software.
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]