[LACNIC/Seguridad] Nuevo IETF-ID Sec. y Priv. Implications of Numeric Identifiers
Fernando Gont
fgont en si6networks.com
Jue Feb 4 14:48:57 BRST 2016
Estimados,
Iván Arce y quien les escribe hemos publicado un nuevo IETF I-D
titulado: "Security and Privacy Implications of Numeric Identifiers
Employed in Network Protocols" que resume la mala historia que tienen
los protocolos de red a la hora de seleccionar identificadores numericos
(dales como el Frag ID, cubierto en el reciente RFC7739).
EL I-D se encuentra aqui:
<https://www.ietf.org/internet-drafts/draft-gont-predictable-numeric-ids-00.txt>
El abstract dice:
This document performs an analysis of the security and privacy
implications of different types of "numeric identifiers" used in IETF
protocols, and tries to categorize them based on their
interoperability requirements and the assoiated failure severity when
such requirements are not met. It describes a number of algorithms
that have been employed in real implementations to meet such
requirements and analyzes their security and privacy properties.
Additionally, it provides advice on possible algorithms that could be
employed to satisfy the interoperability requirements of each
identifier type, while minimizing the security and privacy
implications, thus providing guidance to protocol designers and
protocol implementers. Finally, it provides recommendations for
future protocol specifications regarding the specification of the
aforementioned numeric identifiers.
P.S.: Si este I-D tuviera un soundtrack, tal vez sería este:
<https://www.youtube.com/watch?v=5mF6vqnB6n4> (parental advisory:
explicit lyrics :-) )
Saludos,
Fernando
-------- Forwarded Message --------
Subject: New Version Notification for
draft-gont-predictable-numeric-ids-00.txt
Date: Thu, 04 Feb 2016 08:29:45 -0800
From: internet-drafts en ietf.org
To: Ivan Arce <stic en fundacionsadosky.org.ar>, Fernando Gont
<fgont en si6networks.com>
A new version of I-D, draft-gont-predictable-numeric-ids-00.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.
Name: draft-gont-predictable-numeric-ids
Revision: 00
Title: Security and Privacy Implications of Numeric Identifiers
Employed in Network Protocols
Document date: 2016-02-04
Group: Individual Submission
Pages: 32
URL:
https://www.ietf.org/internet-drafts/draft-gont-predictable-numeric-ids-00.txt
Status:
https://datatracker.ietf.org/doc/draft-gont-predictable-numeric-ids/
Htmlized:
https://tools.ietf.org/html/draft-gont-predictable-numeric-ids-00
Abstract:
This document performs an analysis of the security and privacy
implications of different types of "numeric identifiers" used in IETF
protocols, and tries to categorize them based on their
interoperability requirements and the assoiated failure severity when
such requirements are not met. It describes a number of algorithms
that have been employed in real implementations to meet such
requirements and analyzes their security and privacy properties.
Additionally, it provides advice on possible algorithms that could be
employed to satisfy the interoperability requirements of each
identifier type, while minimizing the security and privacy
implications, thus providing guidance to protocol designers and
protocol implementers. Finally, it provides recommendations for
future protocol specifications regarding the specification of the
aforementioned numeric identifiers.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
Más información sobre la lista de distribución Seguridad