Guidelines for Writing RFC Text on Security Considerations
RFC 3552
Document Type RFC - Best Current Practice (July 2003; Errata)
Also known as BCP 72
Authors Eric Rescorla  , Brian Korver 
Last updated 2020-01-21
Stream IAB
Formats plain text html pdf htmlized with errata bibtex
Stream IAB state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                        E. Rescorla
Request for Comments: 3552                                    RTFM, Inc.
BCP: 72                                                        B. Korver
Category: Best Current Practice                          Xythos Software
                                             Internet Architecture Board
                                                                     IAB
                                                               July 2003

       Guidelines for Writing RFC Text on Security Considerations

Status of this Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   All RFCs are required to have a Security Considerations section.
   Historically, such sections have been relatively weak.  This document
   provides guidelines to RFC authors on how to write a good Security
   Considerations section.

Table of Contents

   1. Introduction . . . . . . . . . . . . . . . . . . . . . . .   3
      1.1. Requirements. . . . . . . . . . . . . . . . . . . . .   3
   2. The Goals of Security. . . . . . . . . . . . . . . . . . .   3
      2.1. Communication Security. . . . . . . . . . . . . . . .   3
           2.1.1. Confidentiality. . . . . . . . . . . . . . . .   4
           2.1.2. Data Integrity . . . . . . . . . . . . . . . .   4
           2.1.3. Peer Entity authentication . . . . . . . . . .   4
      2.2. Non-Repudiation . . . . . . . . . . . . . . . . . . .   5
      2.3. Systems Security. . . . . . . . . . . . . . . . . . .   5
           2.3.1. Unauthorized Usage . . . . . . . . . . . . . .   6
           2.3.2. Inappropriate Usage. . . . . . . . . . . . . .   6
           2.3.3. Denial of Service. . . . . . . . . . . . . . .   6
   3. The Internet Threat Model. . . . . . . . . . . . . . . . .   6
      3.1. Limited Threat Models . . . . . . . . . . . . . . . .   7
      3.2. Passive Attacks . . . . . . . . . . . . . . . . . . .   7
           3.2.1. Confidentiality Violations . . . . . . . . . .   8
           3.2.2. Password Sniffing. . . . . . . . . . . . . . .   8
           3.2.3. Offline Cryptographic Attacks. . . . . . . . .   9

Rescorla & Korver        Best Current Practice                  [Page 1]
RFC 3552           Security Considerations Guidelines          July 2003

      3.3. Active Attacks. . . . . . . . . . . . . . . . . . . .   9
           3.3.1. Replay Attacks . . . . . . . . . . . . . . . .  10
           3.3.2. Message Insertion. . . . . . . . . . . . . . .  10
           3.3.3. Message Deletion . . . . . . . . . . . . . . .  11
           3.3.4. Message Modification . . . . . . . . . . . . .  11
           3.3.5. Man-In-The-Middle. . . . . . . . . . . . . . .  12
      3.4. Topological Issues. . . . . . . . . . . . . . . . . .  12
      3.5. On-path versus off-path . . . . . . . . . . . . . . .  13
      3.6. Link-local. . . . . . . . . . . . . . . . . . . . . .  13
   4. Common Issues. . . . . . . . . . . . . . . . . . . . . . .  13
      4.1. User Authentication . . . . . . . . . . . . . . . . .  14
           4.1.1. Username/Password. . . . . . . . . . . . . . .  14
           4.1.2. Challenge Response and One Time Passwords. . .  14
           4.1.3. Shared Keys. . . . . . . . . . . . . . . . . .  15
           4.1.4. Key Distribution Centers . . . . . . . . . . .  15
           4.1.5. Certificates . . . . . . . . . . . . . . . . .  15
           4.1.6. Some Uncommon Systems. . . . . . . . . . . . .  15
           4.1.7. Host Authentication. . . . . . . . . . . . . .  16
      4.2. Generic Security Frameworks . . . . . . . . . . . . .  16
      4.3. Non-repudiation . . . . . . . . . . . . . . . . . . .  17
      4.4. Authorization vs. Authentication. . . . . . . . . . .  18
           4.4.1. Access Control Lists . . . . . . . . . . . . .  18
           4.4.2. Certificate Based Systems. . . . . . . . . . .  18
      4.5. Providing Traffic Security. . . . . . . . . . . . . .  19
           4.5.1. IPsec. . . . . . . . . . . . . . . . . . . . .  19
           4.5.2. SSL/TLS. . . . . . . . . . . . . . . . . . . .  20
           4.5.3. Remote Login . . . . . . . . . . . . . . . . .  22
      4.6. Denial of Service Attacks and Countermeasures . . . .  22
           4.6.1. Blind Denial of Service. . . . . . . . . . . .  23
           4.6.2. Distributed Denial of Service. . . . . . . . .  23
           4.6.3. Avoiding Denial of Service . . . . . . . . . .  24
           4.6.4. Example: TCP SYN Floods. . . . . . . . . . . .  24
           4.6.5. Example: Photuris. . . . . . . . . . . . . . .  25
      4.7. Object vs. Channel Security . . . . . . . . . . . . .  25
      4.8. Firewalls and Network Topology. . . . . . . . . . . .  26
   5. Writing Security Considerations Sections . . . . . . . . .  26
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools