lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <49638760.c401be0a.7c34.6a2c@mx.google.com>
Date: Tue, 06 Jan 2009 13:24:30 -0300
From: Fernando Gont <fernando.gont@...il.com>
To: full-disclosure@...ts.grok.org.uk,bugtraq@...urityfocus.com
Subject: "Security Assessment of the Internet Protocol" &
	the IETF

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Folks,

In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
National Infrastructure) published the document "Security Assessment of the
Internet Protocol". The motivation of the aforementioned document is
explained in the Preface of the document itself. (The paper is available
at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )

Once the paper was published by CPNI, I produced an IETF Internet-Draft
version of the same paper, with the intent of having the IETF publish
recommendations and/or update the specifications where necessary. This IETF
Internet-Draft is available at:
http://www.gont.com.ar/drafts/ip-security/index.html (and of course it's
also available at the IETF I-D repository).

The Internet-Draft I published was aimed at the OPSEC WG. And the Working
Group is right now deciding whether to accept this document as a WG item.
This is certainly a critical step. Having the OPSEC WG accept this document
as a WG item would guarantee to some extent that the IETF will do something
about all this, and would also somehow set a precedent in updating the
specifications of core protocols and/or providing advice on security
aspects of them.

The call for consensus is available at:
http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
voice your opinion on the relevant mailing-list sending an e-mail to
opsec@...f.org . You don't need to subscribe to the mailing list to post a
message (although your message will be held for moderator approval before
it is distributed to the list members).

The deadline for posting your opinion is January 9th (next Friday).

Thanks so much!

Kind regards,
Fernando Gont




-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003) - not licensed for commercial 
use: www.pgp.com

wsBVAwUBSWK2AZbuqe/Qdv/xAQi1/AgAn+H3N3LHqbOxrl1HRXX0D2WULRfz7Ni8
VnV3pltrsSmRKXWvflgsrIhwdR0s2nzoFI7mh42Eks2EErKY596kj0CMhUqjQmZT
+Oqgaw0jz7XuGadeN6nErze8AOTA5HzIsK+hl93C/qGoyucW42XKNdeJZlXgOp2Q
8RAKGeogoPNAMw0btVNUj6HZP0dLaqM+2VuQSx9Vr1OIU01+WZ9z/BMQwjKgAl91
sixOPNXZeMT07GCqS03UWGGv+USyw3ksgc2n+X6IOv/HmOOAwduqFyGu6BzzEIDE
H86b4DAiye5f5qARrx5JNdsGEK11uWY/H1lFTOu6oP+GXZwkyfv5gg==
=m6sI
-----END PGP SIGNATURE-----


--
Fernando Gont
e-mail: fernando@...t.com.ar || fgont@....org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ