[LACNIC/Seguridad] IETF I-D: "Generation of IPv6 Atomic Fragments Considered Harmful" (Fwd: New Version Notification for draft-ietf-6man-deprecate-atomfrag-generation-05.txt)

Fernando Gont fgont at si6networks.com
Wed Jan 20 21:34:01 BRST 2016


Dear all,

FYI:
<https://www.ietf.org/internet-drafts/draft-ietf-6man-deprecate-atomfrag-generation-05.txt>

This I-D led to the removal of the functionality in question from the
upcoming revision of the IPv6 specification [1], and from that of SIIT [2].

[1] <https://tools.ietf.org/html/draft-ietf-6man-rfc2460bis>
[2] <https://tools.ietf.org/html/draft-bao-v6ops-rfc6145bis>

P.S.: "You too, Pasman".

Best regards,
Fernando




-------- Forwarded Message --------
Subject: New Version Notification for
draft-ietf-6man-deprecate-atomfrag-generation-05.txt
Date: Wed, 20 Jan 2016 15:23:33 -0800
From: internet-drafts at ietf.org
To: Shucheng LIU (Will) <liushucheng at huawei.com>, Fernando Gont
<fgont at si6networks.com>, Will Liu (Shucheng) <liushucheng at huawei.com>,
Tore Anderson <tore at redpill-linpro.com>


A new version of I-D, draft-ietf-6man-deprecate-atomfrag-generation-05.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.

Name:		draft-ietf-6man-deprecate-atomfrag-generation
Revision:	05
Title:		Generation of IPv6 Atomic Fragments Considered Harmful
Document date:	2016-01-20
Group:		6man
Pages:		10
URL:		https://www.ietf.org/internet-drafts/draft-ietf-6man-deprecate-atomfrag-generation-05.txt
Status:		https://datatracker.ietf.org/doc/draft-ietf-6man-deprecate-atomfrag-generation/
Htmlized:	https://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-05
Diff:		https://www.ietf.org/rfcdiff?url2=draft-ietf-6man-deprecate-atomfrag-generation-05

Abstract:
   RFC2460 requires that when a host receives an ICMPv6 "Packet Too Big"
   message reporting an MTU smaller than 1280 bytes, the host includes a
   Fragment Header in all subsequent packets sent to that destination,
   without reducing the assumed Path-MTU.  The simplicity with which
   ICMPv6 "Packet Too Big" messages can be forged means that an attacker
   can leverage this functionality (the generation of IPv6 atomic
   fragments) to trigger the use of fragmentation for any arbitrary IPv6
   flow, and subsequently perform any fragmentation-based attack.  This
   document discusses the security implications of the generation of
   IPv6 atomic fragments and a number of interoperability issues
   associated with IPv6 atomic fragments, and concludes that the
   aforementioned functionality is undesirable, thus documenting the
   motivation for removing this functionality in the revision of the
   core IPv6 protocol specification [I-D.ietf-6man-rfc2460bis].





Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
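
A defender-side check for the two packet types the abstract describes, added here as an example that is not part of the original message or of the I-D: it flags ICMPv6 "Packet Too Big" messages reporting an MTU below 1280 and IPv6 atomic fragments (Fragment Header with offset 0 and M=0). The names `inspect` and `build_ipv6` and all sample packets are constructed for illustration.

```python
import struct

MIN_IPV6_MTU = 1280
EXT_HEADERS = {0, 43, 60}            # Hop-by-Hop, Routing, Destination Options
FRAGMENT, ICMPV6, PACKET_TOO_BIG = 44, 58, 2

def inspect(packet: bytes) -> list:
    """Return findings for one raw IPv6 packet (no link-layer header)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return ["not-ipv6"]
    findings, next_header, pos = [], packet[6], 40
    while next_header in EXT_HEADERS or next_header == FRAGMENT:
        if pos + 8 > len(packet):
            return findings + ["truncated"]
        if next_header == FRAGMENT:
            following, _, off_flags, _ = struct.unpack_from("!BBHI", packet, pos)
            frag_offset, more = off_flags >> 3, off_flags & 1
            # Atomic fragment: Fragment Header with offset 0 and M flag 0.
            findings.append("atomic-fragment" if frag_offset == 0 and not more
                            else "fragment")
            if frag_offset:              # upper-layer header is not in this piece
                return findings
            next_header, pos = following, pos + 8
        else:                            # length is in 8-octet units, minus the first
            next_header, pos = packet[pos], pos + (packet[pos + 1] + 1) * 8
    if next_header == ICMPV6 and pos + 8 <= len(packet):
        icmp_type, _, _, mtu = struct.unpack_from("!BBHI", packet, pos)
        if icmp_type == PACKET_TOO_BIG and mtu < MIN_IPV6_MTU:
            findings.append("ptb-mtu-below-1280")
    return findings

def build_ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed test packet between ::1 and ::1; checksums are left at zero."""
    addr = bytes(15) + b"\x01"
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + addr * 2 + payload

# Constructed samples, not captured traffic.
PTB_1000 = build_ipv6(ICMPV6, struct.pack("!BBHI", PACKET_TOO_BIG, 0, 0, 1000))
PTB_1400 = build_ipv6(ICMPV6, struct.pack("!BBHI", PACKET_TOO_BIG, 0, 0, 1400))
ATOMIC = build_ipv6(FRAGMENT, struct.pack("!BBHI", 6, 0, 0, 0xABCD) + bytes(20))
FIRST_FRAG = build_ipv6(FRAGMENT, struct.pack("!BBHI", 6, 0, 1, 0xABCD) + bytes(20))
DSTOPT_ATOMIC = build_ipv6(60, bytes([FRAGMENT, 0]) + bytes(6) + ATOMIC[40:])

if __name__ == "__main__":
    for name in ("PTB_1000", "PTB_1400", "ATOMIC", "FIRST_FRAG", "DSTOPT_ATOMIC"):
        print(name, inspect(globals()[name]))
```

The check does not verify ICMPv6 checksums or the embedded invoking packet, so it identifies candidates for filtering or alerting rather than proving a message is forged.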






