[LACNIC/Seguridad] Fwd: Next steps for draft-gont-6man-predictable-fragment-id

Eduardo Carozo ecarozo en gmail.com
Mon Mar 4 17:26:55 BRT 2013


Received
On 01/03/2013 04:04, "Fernando Gont" <fgont en si6networks.com> wrote:

> Dear all,
>
> The IETF 6man wg is deciding what to do with this I-D --
> basically, whether or not to adopt it as a wg item.
>
> I ask that those of you who have read the I-D, or at least understand the
> problem, take part in the discussion.
>
> A good number of the existing IPv6 implementations are
> vulnerable to this problem -- whose implications are DoS or
> "information leakage".
>
> The problem is easy to fix... but the existing level of "laziness" (or
> vested interests on the part of some) has made it harder than it should be.
>
> Personally, I am seriously considering including in the toolkit an
> automated tool to exploit this problem to carry out
> DoS... unfortunately, it seems that until people see their network
> down, they are not going to become aware.
>
> Regards, and thanks!
> Fernando
>
>
>
>
> -------- Original Message --------
> From: Ole Troan <otroan en employees.org>
> Subject: Next steps for draft-gont-6man-predictable-fragment-id
> Message-Id: <1D5AC9C6-2FC2-455D-930E-A8BA83C37D5B en employees.org>
> Date: Thu, 28 Feb 2013 20:51:38 +0100
> To: ipv6 en ietf.org 6man-wg <ipv6 en ietf.org>
>
> Hi,
>
> The draft-gont-6man-predictable-fragment-id document has been discussed
> a few times.
> At the IETF84 (minutes attached below), and in the thread:
> http://www.ietf.org/mail-archive/web/ipv6/current/msg15836.html
>
> Could we get the working group's opinion on what to do with the document?
>
> - Is there interest in working on it in 6man?
>   (if yes, you must be willing to contribute, if no, then say why)
>
> Best regards,
> Ole & Bob
>
>
>
> IETF84 minutes:
> ============
> Fernando Gont presented the draft about Security Implications of
> Predictable Fragment Identification Values,
> (draft-gont-6man-predictable-fragment-id-02.txt)
>
> Ole Troan wanted to make this document more generic and discuss the
> implications of using predictable values in Internet
> protocols. Fernando
>
> Bob Hinden wanted to see a longer list of OSs. He was also curious as
> to whether this was a problem that needed to be fixed in IETF or was
> this already common knowledge.
>
> Erik Kline wanted to know if there was an IAB document that
> recommended the use of non-predictable values if there was an integer
> field that did not need specific values.
>
> Thomas Narten was not sure what to do with this. This fell under the
> category of "don't do anything stupid". e.g. Why do a document for
> IPv6 for things that were well known in IPv4?
>
> Lorenzo Colitti thought that this work was not harmful and should be
> pursued irrespective of any iab work.
>
> Brian Haberman did not want to have a point solution for every field
> and he would like to see a more general document applicable across the
> IETF. Fernando was concerned on whether implementers would read this
> generic document. Brian believed that this generic document could be
> referred to in the node requirements document, thus ensuring that IPv6
> implementers would read it.
>
> Joel Jaeggli thought that it was a worthwhile activity to look at
> existing implementations and flag this as a potential issue that was
> common across multiple implementations. Thomas Narten and Erik Kline
> agreed with Joel.
>
> Dave mentioned that RFC4732 (Internet DOS considerations) talked about
> using unpredictable values for session ids. Fernando talked about
> other issues discovered after 4732 that still had this issue. Dave
> believed that this sort of work needs to be done by the saag and if
> this was included in a statement from saag as something to look for in
> SecDir reviews, it would have the largest impact.
>
> Chairs wanted to continue discussion on mailing list and requested
> Fernando to discuss potential changes with Joel J.
>
>
> --
> Fernando Gont
> e-mail: fernando en gont.com.ar || fgont en si6networks.com
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1