lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 07 Jan 2009 23:21:08 +0100
From: Jerome Athias <jerome.athias@...e.fr>
To: Fernando Gont <fernando.gont@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [Suspected Spam]"Security Assessment of the Internet Protocol"
 & the IETF

Hi,

I still not have read all your paper, but my first word is congratulations!
That's an hard job.

Since a quick search didn't give a result for it, and maybe others could
be interested:
The AVISPA (Automated Validation of Internet Security Protocols and
Applications) project aims at developing a push-button,
industrial-strength technology for the analysis of large-scale Internet
security-sensitive protocols and applications.

This website contains all relevant information about AVISPA for project
members, interested third parties and scientists worldwide.
http://www.avispa-project.org/

My 2 cents for now
/JA

Fernando Gont a écrit :
> Folks,
>
> In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
> National Infrastructure) published the document "Security Assessment
> of the
> Internet Protocol". The motivation of the aforementioned document is
> explained in the Preface of the document itself. (The paper is available
> at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )
>
> Once the paper was published by CPNI, I produced an IETF Internet-Draft
> version of the same paper, with the intent of having the IETF publish
> recommendations and/or update the specifications where necessary. This
> IETF
> Internet-Draft is available at:
> http://www.gont.com.ar/drafts/ip-security/index.html (and of course it's
> also available at the IETF I-D repository).
>
> The Internet-Draft I published was aimed at the OPSEC WG. And the Working
> Group is right now deciding whether to accept this document as a WG item.
> This is certainly a critical step. Having the OPSEC WG accept this
> document
> as a WG item would guarantee to some extent that the IETF will do
> something
> about all this, and would also somehow set a precedent in updating the
> specifications of core protocols and/or providing advice on security
> aspects of them.
>
> The call for consensus is available at:
> http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
> voice your opinion on the relevant mailing-list sending an e-mail to
> opsec@...f.org . You don't need to subscribe to the mailing list to post a
> message (although your message will be held for moderator approval before
> it is distributed to the list members).
>
> The deadline for posting your opinion is January 9th (next Friday).
>
> Thanks so much!
>
> Kind regards,
> Fernando Gont
>
>
>
>

-- 
Fernando Gont
e-mail: fernando@...t.com.ar || fgont@....org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1







Powered by blists - more mailing lists