{"draft":"draft-gont-numeric-ids-sec-considerations-11","doc_id":"RFC9416","title":"Security Considerations for Transient Numeric Identifiers Employed in Network Protocols","authors":["F. Gont","I. Arce"],"format":["HTML","TEXT","PDF","XML"],"page_count":"10","pub_status":"BEST CURRENT PRACTICE","status":"BEST CURRENT PRACTICE","source":"IETF - NON WORKING GROUP","abstract":"Poor selection of transient numerical identifiers in protocols such\r\nas the TCP\/IP suite has historically led to a number of attacks on\r\nimplementations, ranging from Denial of Service (DoS) or data\r\ninjection to information leakages that can be exploited by pervasive\r\nmonitoring. Due diligence in the specification of transient numeric\r\nidentifiers is required even when cryptographic techniques are\r\nemployed, since these techniques might not mitigate all the\r\nassociated issues. This document formally updates RFC 3552,\r\nincorporating requirements for transient numeric identifiers, to\r\nprevent flaws in future protocols and implementations.","pub_date":"July 2023","keywords":["security","vulnerability","algorithm","attack","fingerprinting"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC3552"],"updated_by":[],"see_also":["BCP0072"],"doi":"10.17487\/RFC9416","errata_url":null}