[LACNIC/Seguridad] Fwd: Protocol Action: 'Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery' to Proposed Standard (draft-ietf-6man-nd-extension-headers-05.txt)

Fernando Gont fgont en si6networks.com
Tue Jun 4 06:05:02 BRT 2013


FYI


-------- Original Message --------
Subject: Protocol Action: 'Security Implications of IPv6 Fragmentation
with IPv6 Neighbor Discovery' to Proposed Standard
(draft-ietf-6man-nd-extension-headers-05.txt)
Date: Mon, 03 Jun 2013 12:23:07 -0700
From: The IESG <iesg-secretary en ietf.org>
To: IETF-Announce <ietf-announce en ietf.org>
CC: 6man chair <6man-chairs en tools.ietf.org>, 6man mailing list
<ipv6 en ietf.org>, RFC Editor <rfc-editor en rfc-editor.org>

The IESG has approved the following document:
- 'Security Implications of IPv6 Fragmentation with IPv6 Neighbor
   Discovery'
  (draft-ietf-6man-nd-extension-headers-05.txt) as Proposed Standard

This document is the product of the IPv6 Maintenance Working Group.

The IESG contact persons are Brian Haberman and Ted Lemon.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-6man-nd-extension-headers/




Technical Summary:

This document analyzes the security implications of using IPv6 Extension
Headers with Neighbor Discovery (ND) messages. It updates RFC 4861 such
that use of the IPv6 Fragmentation Header is forbidden in all Neighbor
Discovery messages, thus allowing for simple and effective
counter-measures for Neighbor Discovery attacks. Finally, it discusses
the security implications of using IPv6 fragmentation with SEcure
Neighbor Discovery (SEND), and formally updates RFC 3971 to provide
advice regarding how the aforementioned security implications can be
prevented.

Working Group Summary:

There is working support for this document. It has been discussed on the
mailing list and in face to face 6man sessions. The chairs did a review
that improved the quality of the document.

Document Quality:

No known implementations.

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

Bob Hinden, Document Shepherd
Brian Haberman, Internet AD

RFC Editor Note

OLD
splitting the necessary information into multiple RA messages

NEW
splitting the necessary information into multiple Router Advertisement (RA)
messages

OLD
options such as the CGA option

NEW
options such as the Cryptographically Generated Address (CGA) option

OLD
that would result in fragmented CPA messages.

NEW
that would result in fragmented Certification Path Advertisement (CPA)
messages.
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 en ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
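
Added example (not part of the announcement or of the draft): a receive-side check that applies the rule in the Technical Summary by walking the IPv6 header chain and rejecting any Neighbor Discovery message that arrives with a Fragment Header. Assumptions: the ICMPv6 type numbers come from the RFC 4861 and RFC 3971 assignments rather than from this message, the verdict names and helper functions are hypothetical, and the sample packets are constructed.

```python
import struct

EXT_HEADERS = {0, 43, 60}   # Hop-by-Hop, Routing, Destination Options
FRAGMENT, ICMPV6 = 44, 58
# Assumed set: RS, RA, NS, NA, Redirect, SEND Certification Path Solicitation
ND_TYPES = {133, 134, 135, 136, 137, 148}

def classify(packet: bytes) -> str:
    """Return 'drop', 'accept' or 'undetermined' for one raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "undetermined"
    next_hdr, offset, fragmented = packet[6], 40, False
    while next_hdr in EXT_HEADERS or next_hdr == FRAGMENT:
        if offset + 8 > len(packet):
            return "undetermined"          # header chain truncated
        if next_hdr == FRAGMENT:
            fragmented = True
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return "undetermined"      # non-first fragment: no ICMPv6 header here
            hdr_len = 8
        else:
            hdr_len = (packet[offset + 1] + 1) * 8
        next_hdr, offset = packet[offset], offset + hdr_len
    if next_hdr != ICMPV6:
        return "accept"
    if offset >= len(packet):
        return "undetermined"              # ICMPv6 type byte not in this packet
    return "drop" if fragmented and packet[offset] in ND_TYPES else "accept"

# --- constructed sample packets (checksums left at zero, not validated) ---
def ipv6(next_hdr: int, payload: bytes) -> bytes:
    addrs = bytes.fromhex("fe80" + "00" * 13 + "01" + "ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 255) + addrs + payload

def frag(next_hdr: int, offset_units: int, more: int) -> bytes:
    return struct.pack("!BBHI", next_hdr, 0, (offset_units << 3) | more, 0x1234)

RA = bytes([134, 0]) + bytes(14)            # Router Advertisement, no options
ECHO = bytes([128, 0]) + bytes(6)           # Echo Request (not ND)
DESTOPT = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])   # Dest. Options (PadN), then Fragment

SAMPLES = {
    "plain RA": ipv6(ICMPV6, RA),
    "fragmented RA": ipv6(FRAGMENT, frag(ICMPV6, 0, 1) + RA),
    "RA behind DestOpt+Fragment": ipv6(60, DESTOPT + frag(ICMPV6, 0, 0) + RA),
    "later fragment": ipv6(FRAGMENT, frag(ICMPV6, 2, 0) + bytes(8)),
    "fragmented echo": ipv6(FRAGMENT, frag(ICMPV6, 0, 1) + ECHO),
}
for name, pkt in SAMPLES.items():
    print(f"{name:28} {classify(pkt)}")
```

A Fragment Header with offset 0 and no further fragments is still rejected for ND types, and non-first fragments stay "undetermined" because they carry no upper-layer header to inspect.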





