[LACNIC/Seguridad] [LAC-TF] RFC 6980 on Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery (fwd)

Fernando Gont fgont en si6networks.com
Mar Ago 13 21:24:42 BRT 2013 

Hola, Azael!

Gracias por reenviar el anuncio. -- Chequié hoy mas temprano si se habia
publicado, y no habia encontrado nada.

Mis agradecimientos a Roque, quien contribuyó el texto del apéndice. Y a
Roque, que hace un par de años atrás presentó este documento en la
reunion del 6man wg (en Maastricht?), cuando el mismo era controversial.
-- Personalmente sensé que el sabía que iba a esquivar algunas balas...
asi que "kudos" para el. ;-)

Y a mi hermano Guillermo, quien es un co-autor implícito en casi todo lo
que hago.

Si bien uno termina poniendo el nombre como autor, la calidad final de
un documento depende de los aportes de quienes envían comentarios, y
proponen mejoras. En tal sentido, los "Acknowledgements" de este
documento son:

---- cut here ----
   The author would like to thank (in alphabetical order) Mikael
   Abrahamsson, Ran Atkinson, Ron Bonica, Jean-Michel Combes, David
   Farmer, Adrian Farrel, Stephen Farrell, Roque Gagliano, Brian
   Haberman, Bob Hinden, Philip Homburg, Ray Hunter, Arturo Servin, Mark
   Smith, and Martin Stiemerling for providing valuable comments on
   earlier versions of this document.

   The author would also like to thank Roque Gagliano for contributing
   the information regarding message sizes in Appendix A, and Arturo
   Servin for presenting this document at IETF 81.

   Finally, the author would like to thank his brother, friend, and
   colleague, Guillermo Gont, for his love and support.

   This document resulted from the project "Security Assessment of the
   Internet Protocol version 6 (IPv6)" [CPNI-IPv6], carried out by
   Fernando Gont on behalf of the UK Centre for the Protection of
   National Infrastructure (CPNI).
---- cut here ----

Saludos, y gracias!
Fer




On 08/13/2013 07:30 PM, Azael Fernandez Alcantara wrote:
> Buen Dia,
> 
> PSI = FYI
> 
> SALUDOS y una mejora mas.
> ____________________________________
> Azael
> UNAM
> Mexico
> ___________________________________
> Mensaje enviado sin acentos
> 
> 
> ---------- Forwarded message ----------
> Date: Tue, 13 Aug 2013 22:13:21 +0000
> From: rfc-editor en rfc-editor.org
> Reply-To: ietf en ietf.org
> To: ietf-announce en ietf.org, rfc-dist en rfc-editor.org
> Cc: drafts-update-ref en iana.org, ipv6 en ietf.org, rfc-editor en rfc-editor.org
> Subject: RFC 6980 on Security Implications of IPv6 Fragmentation with IPv6
>         Neighbor Discovery
> 
> A new Request for Comments is now available in online RFC libraries.
> 
> 
>         RFC 6980
> 
>         Title:      Security Implications of IPv6 Fragmentation
>                     with IPv6 Neighbor Discovery
>         Author:     F. Gont
>         Status:     Standards Track
>         Stream:     IETF
>         Date:       August 2013
>         Mailbox:    fgont en si6networks.com
>         Pages:      10
>         Characters: 20850
>         Updates:    RFC 3971, RFC 4861
> 
>         I-D Tag:    draft-ietf-6man-nd-extension-headers-05.txt
> 
>         URL:        http://www.rfc-editor.org/rfc/rfc6980.txt
> 
> This document analyzes the security implications of employing IPv6
> fragmentation with Neighbor Discovery (ND) messages.  It updates RFC
> 4861 such that use of the IPv6 Fragmentation Header is forbidden in
> all Neighbor Discovery messages, thus allowing for simple and
> effective countermeasures for Neighbor Discovery attacks.  Finally,
> it discusses the security implications of using IPv6 fragmentation
> with SEcure Neighbor Discovery (SEND) and formally updates RFC 3971
> to provide advice regarding how the aforementioned security
> implications can be mitigated.
> 
> This document is a product of the IPv6 Maintenance Working Group of the
> IETF.
> 
> This is now a Proposed Standard.
> 
> STANDARDS TRACK: This document specifies an Internet standards track
> protocol for the Internet community,and requests discussion and suggestions
> for improvements.  Please refer to the current edition of the Internet
> Official Protocol Standards (STD 1) for the standardization state and
> status of this protocol.  Distribution of this memo is unlimited.
> 
> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
>   http://www.ietf.org/mailman/listinfo/ietf-announce
>   http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
> 
> For searching the RFC series, see
> http://www.rfc-editor.org/search/rfc_search.php
> For downloading RFCs, see http://www.rfc-editor.org/rfc.html
> 
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor en rfc-editor.org.  Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
> 
> 
> The RFC Editor Team
> Association Management Solutions, LLC
> 
> 
> _______________________________________________
> LACTF mailing list
> LACTF en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lactf
> Cancelar suscripcion: lactf-unsubscribe en lacnic.net
> 


-- 
Fernando Gont
SI6 Networks
e-mail: fgont en si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

Más información sobre la lista de distribución Seguridad