[LAC-TF] Fwd: I-D Action: draft-ietf-6man-deprecate-atomfrag-generation-00.txt

Fernando Gont fgont at si6networks.com
Thu Nov 13 23:06:49 BRST 2014 

FYI, recientemente aceptado:
<http://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-00>

Esto elimina un vector de ataque, y hace que SIIT (RFC6145) sea mas
reliable.

Saludos,
Fernando




-------- Forwarded Message --------
Subject: I-D Action: draft-ietf-6man-deprecate-atomfrag-generation-00.txt
Date: Tue, 11 Nov 2014 12:45:47 -0800
From: internet-drafts at ietf.org
To: i-d-announce at ietf.org
CC: ipv6 at ietf.org


A New Internet-Draft is available from the on-line Internet-Drafts
directories.
 This draft is a work item of the IPv6 Maintenance Working Group of the
IETF.

        Title           : Deprecating the Generation of IPv6 Atomic
Fragments
        Authors         : Fernando Gont
                          Will(Shucheng) Liu
                          Tore Anderson
	Filename        : draft-ietf-6man-deprecate-atomfrag-generation-00.txt
	Pages           : 17
	Date            : 2014-11-11

Abstract:
   The core IPv6 specification requires that when a host receives an
   ICMPv6 "Packet Too Big" message reporting a "Next-Hop MTU" smaller
   than 1280, the host includes a Fragment Header in all subsequent
   packets sent to that destination, without reducing the assumed Path-
   MTU.  The simplicity with which ICMPv6 "Packet Too Big" messages can
   be forged, coupled with the widespread filtering of IPv6 fragments,
   results in an attack vector that can be leveraged for Denial of
   Service purposes.  This document briefly discusses the aforementioned
   attack vector, and formally updates RFC2460 such that generation of
   IPv6 atomic fragments is deprecated, thus eliminating the
   aforementioned attack vector.  Additionally, it formally updates
   RFC6145 such that the Stateless IP/ICMP Translation Algorithm (SIIT)
   does not rely on the generation of IPv6 atomic fragments, thus
   improving the robustness of the protocol.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-6man-deprecate-atomfrag-generation/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

More information about the LACTF mailing list