[LACNIC/Seguridad] Security considerations at the IETF (Fwd: [saag] RFC3552bis...)

Fernando Gont fernando en gont.com.ar
Mon Jul 11 08:30:03 BRT 2016


On the SAAG list, work is under way on possible ways to update
RFC3552, which is the one that recommends how to write security
considerations in RFCs.

Together with Iván Arce, we are working on everything related to
"transient numeric identifiers", given that in the standards arena we
have been doing things wrong for more than 30 years.

Those interested in taking part in the discussions can subscribe to
the saag and privsec-program lists. (And if anyone is interested and
does not know how to do so, give a shout and I will help.)


-------- Forwarded Message --------
Subject: [saag] RFC3552bis...
Date: Thu, 30 Jun 2016 10:22:43 +0100
From: Stephen Farrell <stephen.farrell en cs.tcd.ie>
To: saag en ietf.org <saag en ietf.org>


RFC3552/BCP72 [1] is about to become a teenager:-) For those
of you that don't know it by heart, that's the one that tells
folks what to put into their security considerations sections
and it dates back to July 2003.

Following on from discussion at saag in B-A, partly driven by
the work Fernando and others have done on identifiers, but also
other chats going back to the STRINT workshop, Kathleen and I
have discussed what to do about all that and having re-read the
text we reckon that now would be a good time to start work on
an RFC3552bis document to replace the current one.

In outline, we think the main tasks there we'd like to see happen
would be to a) update numerous things that are out of date, b) add
text about things that weren't so important in 2003, such as privacy,
perhaps borrowing bits from RFC6973 [2] that make sense as BCP-like
statements, and c) to make it as understandable and easy to grasp
as possible and ideally a good bit shorter.

Having figured out what we'd like, and being lazy ADs, we needed
some other folks to do the actual work so we asked Yoav Nir and
Magnus Westerlund (both cc'd) and we're delighted to say that
they've agreed to be editors for this effort. (Thanks again to
you both.)

The overall plan then is roughly to:-

- Kick off discussion now on the saag list (this mail)
- Get folks' feedback on changes they'd like (if that gets
  too voluminous we'll start a new list)
- Have a short slot at the saag session in Berlin where the
  editors can review the plan and get more feedback/comments
- The editors will send some mail about tooling (e.g. if
  they want to use github, they'll say that etc.)
- The editors will produce a -00 and we'll iterate on that
  until done
- A more substantive discussion of remaining open issues
  in November at IETF97 if needed, (which we suspect will
  be needed:-)
- Hopefully we end up ready for IETF LC around the end of
  the year or early in 2017.
- We have what'll quite probably be a fun IETF LC:-)
- Mid-2017: BCP72 will become the new RFC.

So please do re-read [1,2] and send your comments on what you
think needs changing to this list and/or the editors and/or to
Kathleen or I as appropriate.


[1] https://tools.ietf.org/html/bcp72
[2] https://tools.ietf.org/html/rfc6973

Fernando Gont
e-mail: fernando en gont.com.ar || fgont en si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
