I've seen that but I don't want this document to sit idle for the next
couple of years while that matures and becomes a normative and
stable reference via becoming an RFC.

I'm really thinking that putting in definitive references for transport
layer vulnerabilities is going a bit beyond what is expected of an
INFORMATIONAL document. That being said, I think it's a good idea and am
willing to pursue it within reason.

Gont's document does reference a paper by Steve Bellovin:

   Bellovin, S. M. 1989. Security Problems in the TCP/IP Protocol
   Suite. Computer Communication Review, Vol. 19, No. 2, pp. 32-48.

That may be found here:

What would you think about referencing that document as an INFORMATIVE
reference in the third subsection of the Security Considerations section?

On Sun, 30 Jan 2011, Sean Turner wrote:
> Not sure if this is what you're looking for, but have you checked out:
> http://datatracker.ietf.org/doc/draft-ietf-tcpm-tcp-security/
>
> On 1/30/11 12:01 PM, Chris Lonvick wrote:
>> Hi Folks,
>> We've finally gotten around to revising draft-gerhards-syslog-plain-tcp.
>> :-)
>> This addresses the issues that Tom raised about
>> - the intro specifically stating what to expect in the body of the text
>> - a note on the transport security.
>> For the first, we just sort'a straightened things out with a few edits.
>> For the latter, I looked in many places for a list of TCP
>> vulnerabilities but couldn't find anything substantial. The US-CERT had
>> a few implementation things and there were a scattering of other things.
>> In the end, I just added a subsection to warn implementers to look
>> closely before writing code. If anyone has any other suggestions, please
>> let us know.
>> Syslog mailing list
>> Syslog@ietf...
>> https://www.ietf.org/mailman/listinfo/syslog