Guidelines for Writing RFC Text on Security Considerations

Document Type Expired Internet-Draft (individual in gen area)
Authors Eric Rescorla  , Brian Korver 
Last updated 2015-10-14 (latest revision 2002-04-22)
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state Expired (IESG: Dead)
Action Holders
Consensus Boilerplate Unknown
Telechat date
Responsible AD Erik Nordmark
IESG note Replaced by draft-iab-sec-cons
Responsible: IAB
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


All RFCs are required by [RFC1543] to contain a Security Considera- tions section. The purpose of this is both to encourage document authors to consider security in their designs and to inform the reader of relevant security issues. This memo is intended to provide guidance to RFC authors in service of both ends. This document is structured in three parts. The first is a combina- tion security tutorial and definition of common terms; the second is a series of guidelines for writing Security Considerations; the third is a series of examples.


Eric Rescorla (
Brian Korver (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)