Security Assessment of TCP at the IETF

Hash: SHA256

Hello, folks,

In February this year the UK CPNI published the document "Security
Assessment of the Transmission Control Protocol (TCP)" (available at:

Earlier this year we published an IETF Internet-Draft version of this
document (available at:
in the hope of having the IETF further work on the TCP security paper UK
CPNI had published.

My personal take (possibly biased, since I am the document author)
is that this document has been the result of a lot of work (including
the work of the many peple that reviewed the CPNI version of the
document), and that the IETF should take this chance to work and publish
something on the subject.

The chairs of the TCPM Working Group of the IETF are currently polling
the WG for input about this document. It would be great if you could
voice your opinion about whether the TCPM should take this document on,
and also whether you would be willing to review this document. (Bellow
youll find a copy of the TCPM chairs poll)

Please send your comments to (and please CC me).


Kind regards,

- -------- Original Message --------
Subject: [tcpm] poll for adopting draft-gont-tcp-security
Date: Wed, 24 Jun 2009 14:25:04 -0500
From: Eddy, Wesley M. (GRC-MS00)[Verizon] <>
To: tcpm Extensions WG <>

TCPMers, there was a thread a while ago about working on
draft-gont-tcp-security in this working group that didnt
conclusively give us a feeling one way or other:

Basically, my understanding is that there are at least a
handful of people in the WG that think it should be done
here as a WG item (more likely for Informational rather
than BCP), and there are also some expressed opinions on
why it shouldnt.

Given the raw size of the document, if the WG intends to
take this document on, then we need some people to clearly
commit to putting cycles into review and contributions to
the document.  Since it is quite large, and to my knowledge,
there hasnt been a specific technical review of the content
on this list, but just discussions about if the idea in
general is a good or bad thing, we still need to know if
people are willing to invest their time and energy in this.

Please let us know if there is traction for this in the
near term, and/or we can also discuss it in Stockholm.

- ---------------------------
Wes Eddy
Network & Systems Architect
Verizon FNS / NASA GRC
Office: (216) 433-6682
- ---------------------------

tcpm mailing list
Version: GnuPG v1.4.9 (MingW32)