full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] "Security Assessment

[Full-disclosure] "Security Assessment of the Internet Protocol" & the IETF

From: Fernando Gont <fernando.gont_at_nospam>
Date: Tue Jan 06 2009 - 01:43:03 GMT
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Folks,

In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of National Infrastructure) published the document "Security Assessment of the Internet Protocol". The motivation of the aforementioned document is explained in the Preface of the document itself. (The paper is available at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )

Once the paper was published by CPNI, I produced an IETF Internet-Draft version of the same paper, with the intent of having the IETF publish recommendations and/or update the specifications where necessary. This IETF Internet-Draft is available at:
http://www.gont.com.ar/drafts/ip-security/index.html (and of course it's also available at the IETF I-D repository).

The Internet-Draft I published was aimed at the OPSEC WG. And the Working Group is right now deciding whether to accept this document as a WG item. This is certainly a critical step. Having the OPSEC WG accept this document as a WG item would guarantee to some extent that the IETF will do something about all this, and would also somehow set a precedent in updating the specifications of core protocols and/or providing advice on security aspects of them.

The call for consensus is available at:
http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can voice your opinion on the relevant mailing-list sending an e-mail to opsec@ietf.org . You don't need to subscribe to the mailing list to post a message (although your message will be held for moderator approval before it is distributed to the list members).

The deadline for posting your opinion is January 9th (next Friday).

Thanks so much!

Kind regards,
Fernando Gont

-----BEGIN PGP SIGNATURE-----

Version: PGP Desktop 9.5.3 (Build 5003) - not licensed for commercial use: www.pgp.com

wsBVAwUBSWK2AZbuqe/Qdv/xAQi1/AgAn+H3N3LHqbOxrl1HRXX0D2WULRfz7Ni8 VnV3pltrsSmRKXWvflgsrIhwdR0s2nzoFI7mh42Eks2EErKY596kj0CMhUqjQmZT +Oqgaw0jz7XuGadeN6nErze8AOTA5HzIsK+hl93C/qGoyucW42XKNdeJZlXgOp2Q 8RAKGeogoPNAMw0btVNUj6HZP0dLaqM+2VuQSx9Vr1OIU01+WZ9z/BMQwjKgAl91 sixOPNXZeMT07GCqS03UWGGv+USyw3ksgc2n+X6IOv/HmOOAwduqFyGu6BzzEIDE H86b4DAiye5f5qARrx5JNdsGEK11uWY/H1lFTOu6oP+GXZwkyfv5gg== =m6sI
-----END PGP SIGNATURE-----
-- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/