[LAC-TF] Revision del IETF I-D sobre "Predictable Fragment IDs" (Fwd: New Version Notification for draft-gont-6man-predictable-fragment-id-01.txt)
Fernando Gont
fgont at si6networks.com
Sat Mar 3 20:12:02 BRT 2012
Estimados,
He publicado una revision del IETF I-D en cuestión. La misma se
encuentra disponible en
<http://tools.ietf.org/id/draft-gont-6man-predictable-fragment-id-01.txt>.
Pueden ver el diff respecto de la version anterior en:
<http://tools.ietf.org//rfcdiff?url1=http://tools.ietf.org/id/draft-gont-6man-predictable-fragment-id-00.txt&url2=http://tools.ietf.org/id/draft-gont-6man-predictable-fragment-id-01.txt>.
Esta revisión está basada en conversaciones con Ivan Arce (on- y
off-list), así como en numerosas sugerencias por el enviadas (Gracias!).
Cualquier comentario esrá bienvenido.
P.S.: Todavía quedan algunos cambios por aplicar, pero dado que ya habia
suficiente contenido para una actualización, y que el cut-off para la
publicación de revisiones es este lunes, publiqué una rev.
Saludos,
Fernando
-------- Original Message --------
Subject: New Version Notification for
draft-gont-6man-predictable-fragment-id-01.txt
Date: Sat, 03 Mar 2012 15:02:10 -0800
From: internet-drafts at ietf.org
To: fgont at si6networks.com
A new version of I-D, draft-gont-6man-predictable-fragment-id-01.txt has
been successfully submitted by Fernando Gont and posted to the IETF
repository.
Filename: draft-gont-6man-predictable-fragment-id
Revision: 01
Title: Security Implications of Predictable Fragment Identification Values
Creation date: 2012-03-03
WG ID: Individual Submission
Number of pages: 21
Abstract:
IPv6 specifies the Fragment Header, which is employed for the
fragmentation and reassembly mechanisms. The Fragment Header
contains an "Identification" field which, together with the
IPv6
Source Address and the IPv6 Destination Address of the packet,
identifies fragments that correspond to the same original datagram,
such that they can be reassembled together at the receiving host.
The only requirement for setting the "Identification" value
is that
it must be different than that of any other fragmented packet sent
recently with the same Source Address and Destination Address. Some
implementations simply use a global counter for setting the Fragment
Identification field, thus leading to predictable values. This
document analyzes the security implications of predictable
Identification values, and updates RFC 2460 specifying additional
requirements for setting the Fragment Identification, such that the
aforementioned security implications are mitigated.
The IETF Secretariat
More information about the LACTF
mailing list