| Number | Files | Title | Authors | Date | More Info | Status |
|---|---|---|---|---|---|---|
| RFC 3552,BCP 72 | Guidelines for Writing RFC Text on Security Considerations | E. Rescorla, B. Korver | July 2003 | Updated byRFC 8996,RFC 9416,Errata | Best Current Practice | |
| RFC 9416,BCP 72 | Security Considerations for Transient Numeric Identifiers Employed in Network Protocols | F. Gont, I. Arce | July 2023 | UpdatesRFC 3552 | Best Current Practice |
All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
Poor selection of transient numerical identifiers in protocols suchas the TCP/IP suite has historically led to a number of attacks onimplementations, ranging from Denial of Service (DoS) or datainjection to information leakages that can be exploited by pervasivemonitoring. Due diligence in the specification of transient numericidentifiers is required even when cryptographic techniques areemployed, since these techniques might not mitigate all theassociated issues. This document formally updates RFC 3552,incorporating requirements for transient numeric identifiers, toprevent flaws in future protocols and implementations.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.