full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] [Suspected Spam]"

Re: [Full-disclosure] [Suspected Spam]"Security Assessment of the Internet Protocol" & the IETF

From: Jerome Athias <jerome.athias_at_nospam>
Date: Wed Jan 07 2009 - 22:21:08 GMT
To: Fernando Gont <fernando.gont@gmail.com>


I still not have read all your paper, but my first word is congratulations! That's an hard job.

Since a quick search didn't give a result for it, and maybe others could be interested:
The AVISPA (Automated Validation of Internet Security Protocols and Applications) project aims at developing a push-button, industrial-strength technology for the analysis of large-scale Internet security-sensitive protocols and applications.

This website contains all relevant information about AVISPA for project members, interested third parties and scientists worldwide. http://www.avispa-project.org/

My 2 cents for now

Fernando Gont a écrit :
> Folks,
> In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
> National Infrastructure) published the document "Security Assessment
> of the
> Internet Protocol". The motivation of the aforementioned document is
> explained in the Preface of the document itself. (The paper is available
> at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )
> Once the paper was published by CPNI, I produced an IETF Internet-Draft
> version of the same paper, with the intent of having the IETF publish
> recommendations and/or update the specifications where necessary. This
> Internet-Draft is available at:
> http://www.gont.com.ar/drafts/ip-security/index.html (and of course it's
> also available at the IETF I-D repository).
> The Internet-Draft I published was aimed at the OPSEC WG. And the Working
> Group is right now deciding whether to accept this document as a WG item.
> This is certainly a critical step. Having the OPSEC WG accept this
> document
> as a WG item would guarantee to some extent that the IETF will do
> something
> about all this, and would also somehow set a precedent in updating the
> specifications of core protocols and/or providing advice on security
> aspects of them.
> The call for consensus is available at:
> http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
> voice your opinion on the relevant mailing-list sending an e-mail to
> opsec@ietf.org . You don't need to subscribe to the mailing list to post a
> message (although your message will be held for moderator approval before
> it is distributed to the list members).
> The deadline for posting your opinion is January 9th (next Friday).
> Thanks so much!
> Kind regards,
> Fernando Gont
-- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/