Guidelines for Writing RFC Text on Security Considerations (RFC3552)

IP.com Disclosure Number: IPCOM000018642D
Original Publication Date: 2003-Jul-01
Included in the Prior Art Database: 2003-Jul-30

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

E. Rescorla: AUTHOR [+2]

Abstract

All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                        E. Rescorla
Request for Comments: 3552                                    RTFM, Inc.
BCP: 72                                                        B. Korver
Category: Best Current Practice                          Xythos Software
                                             Internet Architecture Board
                                                                     IAB
                                                               July 2003

       Guidelines for Writing RFC Text on Security Considerations

Status of this Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   All RFCs are required to have a Security Considerations section.
   Historically, such sections have been relatively weak.  This document
   provides guidelines to RFC authors on how to write a good Security
   Considerations section.

Table of Contents

   1. Introduction
      1.1. Requirements
   2. The Goals of Security
      2.1. Communication Security
           2.1.1. Confidentiality
           2.1.2. Data Integrity
           2.1.3. Peer Entity authentication
      2.2. Non-Repudiation
      2.3. Systems Security
           2.3.1. Unauthorized Usage
           2.3.2. Inappropriate Usage
           2.3.3. Denial of Service
   3. The Internet Threat Model
      3.1. Limited Threat Models
      3.2. Passive Attacks
           3.2.1. Confidentiality Violations
           3.2.2. Password Sniffing
           3.2.3. Offline Cryptographic Attacks

Rescorla & Korver        Best Current Practice                  [Page 1]

RFC 3552          Security Considerations Guide...