The issue of protocol security has received increasing attention as
communications networks have evolved from physically segregated systems using
specialized protocols toward systems that are more open at every level. It has
become clear that protocol security must be considered at all stages: design,
implementation, and deployment. Following the IETF model, there has been
encouragement in the past to require a discussion of security considerations in
every new protocol-related Recommendation. Going forward, it is seen as
desirable to provide formal support for the work on protocol security at the
Study Group level by establishing a Question concerned with the topic of
security coordination within the Study Group. In keeping with this coordinating
role, the Question does not itself have any responsibility for specific existing
Recommendations, and is not expected to generate any Recommendations itself.
Study items to be considered include, but are not limited to:
- What is the content of an appropriate policy for the consideration of
protocol security in the work of the Study Group?
- What are the means to assure that such a policy is being followed in
- What exceptions to the general policy are permissible in the case of
- What is the impact of security-related work in other groups on the work
of protocol security within this Study Group at the policy level?
- What are the means by which technical developments in protocol security
achieved in other groups may be communicated to interested Questions in this
Study Group, and the reverse?
Tasks include, but are not limited to, the following:
- In cooperation with other Questions of the Study Group, document a
general policy to be followed for the consideration of protocol security at
the stages of design, implementation, and deployment, for new
protocol-related Recommendations and for updates to existing
- In cooperation with other Questions of the Study Group, devise
procedures for the enforcement of the agreed policy. These procedures may
call upon the resources of this Question for their execution.
- Provide consultation to other Questions on the application of the
general policy to specific Recommendations.
- Provide liaison to other groups working in the area of protocol
security, for the purpose of improving the work on protocol security within
the Study Group. These groups specifically include the Study Group having
the lead role in security within the ITU-T and the Security Directorate
within the IETF.
- Create supplements relating the security requirements received from the
lead Study Group to the work on signalling protocols in this Study Group.
- Create Recommendations responding to the security requirements where
these fall outside the scope of any other Question of the Study Group.
All protocol-related Recommendations created or updated by the Study Group,
indirectly through policy guidance or directly through review or consultation.
All Questions of the Study Group that are tasked with the creation or
maintenance of protocol-related Recommendations.
- The lead Study Group on security issues.
- Security coordinators of other Study Groups where such have been
- The Security Directorate of the IETF.
- Security-related activities of regional standards bodies, IEEE and ISO/IEC.