[rfc-i] RFC Server Outage Report

Russ Housley housley at vigilsec.com
Wed Apr 11 10:09:08 PDT 2012

My understanding is that no modified content was provided to clients during this time.


On Apr 11, 2012, at 6:11 AM, SM wrote:

> Dear Internet Architecture Board,
> According to draft-iab-rfc-editor-model-v2-05, the Internet Architecture Board
> maintains its chartered responsibility for the RFC Editor as defined in RFC 2850.  I hope that it is the appropriate party to enquire about this RFC Editor matter.
> The RFC Server Outage Report posted at http://www.rfc-editor.org/pipermail/rfc-interest/2012-April/003218.html mentions that the "the RFC Editor server was attacked
> and compromised" and that "the website was returning invalid search results for searches against the RFC Editor database".  From the report I gather that any information served by www.rfc-editor.org over HTTP or HTTPS should be considered as invalid during the period mentioned in the report.
> The report does not mention whether information served by ftp.rfc-editor.org during that period should be considered as valid.  It is not clear from the report whether "the RFC Editor server" refers to both www.rfc-editor.org and ftp.editor.org.  Can that be clarified?
> Regards,
> -sm

More information about the rfc-interest mailing list