Security: diveprotocol/protocol

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security issue in the DIVE protocol specification, please report it responsibly.

You have several options:

1. IETF Disclosure (Preferred for protocol issues)

Since DIVE is intended to become an IETF standard, protocol-level vulnerabilities should ideally be disclosed through appropriate IETF channels:

  • Relevant IETF working groups
  • IETF mailing lists
  • Internet-Draft feedback mechanisms

This ensures proper review and coordinated discussion within the standards community.

2. GitHub Issues

You may open an issue in this repository if:

  • The issue is not highly sensitive, or
  • You want to start a public discussion

Please clearly label it as a security concern.

3. Direct Contact

For sensitive or undisclosed vulnerabilities, you can contact the author directly:

Email: mateo@callec.net

Scope

This security policy applies to:

  • The DIVE protocol design and specification
  • Draft-related tooling and generation scripts (secondary priority)

What Happens Next

After a report is received:

  • The issue will be reviewed and validated
  • A mitigation or clarification will be proposed
  • The draft will be updated if necessary
  • Coordination with the IETF may occur for protocol-level changes

Notes

  • This repository does not operate a formal bug bounty program
  • Responsible disclosure is strongly encouraged
  • Protocol-level issues may require public discussion before resolution

Thank you for helping improve the security and robustness of DIVE.