[LACNIC/Seguridad] Fwd: RFC 7112 on Implications of Oversized IPv6 Header Chains

Iván Arce ivan.w.arce en gmail.com
Mie Ene 29 16:17:25 BRST 2014


oh perdon se me corto el mail anterior.

Ya es standard? es decir, hay al menos 2 implementaciones funcionando
que cumplen con el RFC?

-ivan

On 1/29/14 2:58 PM, Fernando Gont wrote:
> FYI: <http://www.rfc-editor.org/rfc/rfc7112.txt>
> 
> Hace tanto que este documento venía incubandose que hoy me quede sin
> dormir para que no se demore mas. :-)
> 
> 
> Si Ud. se encuentra tomando mate con bizcochitos, y quiere enterarse de
> que se trata la cuestión, sin cortar con la mateada, la idea es así de
> simple:
> 
> Hasta el momento, las especificaciones permitian la existencia de
> paquetes tan ridiculos que tenian la cadena de encabezados IPv6
> desparramada en varios fragmentos. Este doumento actualiza la norma base
> de IPv6 (RFC 2460), de modo de prohibir dichos paquetes. Es decir, se
> requiere que la cadena completa de encabezados siempre este presente en
> el primer fragmento (obviamente en los casos que se usa fragmentacion..
> ya que sino este problema no se presenta).
> 
> Las implicancias de esta actulización son que a partir de ahora, uno
> puede realizar filtrado de paquetes "sin estado" (steteless) -- lo cual
> es agradable. :-)
> 
> Pero no joda... siga tomando mate, que esto lo puede lee en otro momento ;-)
> 
> Saludos,
> Fernando
> 
> 
> 
> 
> -------- Original Message --------
> Subject: RFC 7112 on Implications of Oversized IPv6 Header Chains
> Date: Wed, 29 Jan 2014 09:30:44 -0800 (PST)
> From: rfc-editor en rfc-editor.org
> To: ietf-announce en ietf.org, rfc-dist en rfc-editor.org
> CC: drafts-update-ref en iana.org, ipv6 en ietf.org, rfc-editor en rfc-editor.org
> 
> A new Request for Comments is now available in online RFC libraries.
> 
> 
>         RFC 7112
> 
>         Title:      Implications of Oversized IPv6 Header
>                     Chains
>         Author:     F. Gont, V. Manral,
>                     R. Bonica
>         Status:     Standards Track
>         Stream:     IETF
>         Date:       January 2014
>         Mailbox:    fgont en si6networks.com,
>                     vishwas en ionosnetworks.com,
>                     rbonica en juniper.net
>         Pages:      8
>         Characters: 15897
>         Updates:    RFC 2460
> 
>         I-D Tag:    draft-ietf-6man-oversized-header-chain-09.txt
> 
>         URL:        http://www.rfc-editor.org/rfc/rfc7112.txt
> 
> The IPv6 specification allows IPv6 Header Chains of an arbitrary
> size.  The specification also allows options that can, in turn,
> extend each of the headers.  In those scenarios in which the IPv6
> Header Chain or options are unusually long and packets are
> fragmented, or scenarios in which the fragment size is very small,
> the First Fragment of a packet may fail to include the entire IPv6
> Header Chain.  This document discusses the interoperability and
> security problems of such traffic, and updates RFC 2460 such that the
> First Fragment of a packet is required to contain the entire IPv6
> Header Chain.
> 
> This document is a product of the IPv6 Maintenance Working Group of the
> IETF.
> 
> This is now a Proposed Standard.
> 
> STANDARDS TRACK: This document specifies an Internet standards track
> protocol for the Internet community,and requests discussion and suggestions
> for improvements.  Please refer to the current edition of the Internet
> Official Protocol Standards (STD 1) for the standardization state and
> status of this protocol.  Distribution of this memo is unlimited.
> 
> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
>   http://www.ietf.org/mailman/listinfo/ietf-announce
>   http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
> 
> For searching the RFC series, see
> http://www.rfc-editor.org/search/rfc_search.php
> For downloading RFCs, see http://www.rfc-editor.org/rfc.html
> 
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor en rfc-editor.org.  Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
> 
> 
> The RFC Editor Team
> Association Management Solutions, LLC
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6 en ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> Seguridad mailing list
> Seguridad en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/seguridad
> 




Más información sobre la lista de distribución Seguridad