Security Assessment of the Transmission Control Protocol (TCP)

Fernando Gont [] posted a mail to the SAAG mailing list about the work he did on analyzing TCP. His publication has triggered discussions in the IETF on how to publish these types of documents and his publication was picked up by the media as well. Here is what Fernando posted to SAAG:

Last week the UK CPNI (United Kingdom’s Centre for the Protection of National Infrastructure) released the document “Security Assessment of the Transmission Control Protocol (TCP)”. The document analyzes the relevant specifications from a security point of view, and also analyzes
the implications of some implementation strategies taken by popular TCP implementations. This document is available at:

As part of the same project, we have produced an IETF I-D version of the UK CPNI document, in the hope that the IETF works on this stuff and hopefully publishes some version of the aforementioned document. The resulting IETF I-D is entitled “Security Assessment of the Transmission Control Protocol (TCP)” and is available at:

Leave a Reply

Your email address will not be published. Required fields are marked *