RFC 4732 (November 2006)
"Internet Denial-of-Service Considerations"
This document provides an overview of possible avenues for denial-
of-service (DoS) attack on Internet systems. The aim is to encourage
protocol designers and network engineers towards designs that are
more robust. We discuss partial solutions that reduce the
effectiveness of attacks, and how some solutions might inadvertently
open up alternative vulnerabilities.
**** Highly relevant to P2600 - an excellent tutorial on the range
and types of DoS attacks, including end systems (e.g., printers)
RFC 4772 (December 2006)
"Security Implications of Using the Data Encryption Standard (DES)"
The Data Encryption Standard (DES) is susceptible to brute-force
attacks, which are well within the reach of a modestly financed
adversary. As a result, DES has been deprecated, and replaced by the
Advanced Encryption Standard (AES). Nonetheless, many applications
continue to rely on DES for security, and designers and implementers
continue to support it in new applications. While this is not always
inappropriate, it frequently is. This note discusses DES security
implications in detail, so that designers and implementers have all
the information they need to make judicious decisions regarding its
**** Highly relevant to P2600 and IPP - DES is no longer approved for
unclassified uses after May 19,2007 by the US government - DES
was never approved for classified uses by the US government
RFC 4775 (December 2006)
"Procedures for Protocol Extensions and Variations"
This document discusses procedural issues related to the
extensibility of IETF protocols, including when it is reasonable to
extend IETF protocols with little or no review, and when extensions
or variations need to be reviewed by the IETF community. Experience
has shown that extension of protocols without early IETF review can
carry risk. The document also recommends that major extensions to or
variations of IETF protocols only take place through normal IETF
processes or in coordination with the IETF.
This document is directed principally at other Standards Development
Organizations (SDOs) and vendors considering requirements for
extensions to IETF protocols. It does not modify formal IETF
**** Highly relevant to PWG with respect to IPP extensions
RFC 4778 (January 2007)
"Current Operational Security Practices in Internet Service Provider
This document is a survey of the current practices used in today's
large ISP operational networks to secure layer 2 and layer 3
infrastructure devices. The information listed here is the result of
information gathered from people directly responsible for defining
and implementing secure infrastructures in Internet Service Provider
**** Fascinating - EVERY surveyed ISP disables HTTP out-of-band
Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Blue Roof Music / High North Inc
PO Box 221 Grand Marais, MI 49839
email: imcdonald at sharplabs.com
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.26/751 - Release Date: 4/7/2007 10:57 PM