12. Security Considerations

Information that creates or updates a registration needs to be authenticated and authorized. IANA updates registries according to instructions in published RFCs and from the IESG. It may also accept clarifications from document authors, relevant working group chairs, designated experts, and mail list participants.

Information concerning possible security vulnerabilities of a protocol may change over time. Likewise, security vulnerabilities related to how an assigned number is used may change as well. As new vulnerabilities are discovered, information about such vulnerabilities may need to be attached to existing registrations so that users are not misled as to the true security issues surrounding the use of a registered number.

Security needs to be considered as part of the selection of a registration policy. For some protocols, registration of certain parameters will have security implications, and registration policies for the relevant registries must ensure that requests get appropriate review with those security implications in mind.

An analysis of security issues is generally required for all protocols that make use of parameters (data types, operation codes, keywords, etc.) documented in IETF protocols or registered by IANA. Such security considerations are usually included in the protocol document [BCP72]. It is the responsibility of the IANA considerations associated with a particular registry to specify whether value-specific security considerations must be provided when assigning new values and the process for reviewing such claims.