%% You should probably cite rfc9416 instead of this I-D. @techreport{gont-numeric-ids-sec-considerations-11, number = {draft-gont-numeric-ids-sec-considerations-11}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-gont-numeric-ids-sec-considerations/11/}, author = {Fernando Gont and Ivan Arce}, title = {{Security Considerations for Transient Numeric Identifiers Employed in Network Protocols}}, pagetotal = 10, year = 2023, month = jan, day = 27, abstract = {Poor selection of transient numerical identifiers in protocols such as the TCP/IP suite has historically led to a number of attacks on implementations, ranging from Denial of Service (DoS) or data injection to information leakages that can be exploited by pervasive monitoring. Due diligence in the specification of transient numeric identifiers is required even when cryptographic techniques are employed, since these techniques might not mitigate all the associated issues. This document formally updates RFC 3552, incorporating requirements for transient numeric identifiers, to prevent flaws in future protocols and implementations.}, }