[LACNIC/Seguridad] IPv6 temporary addresses (Fwd: New Version Notification for draft-ietf-6man-rfc4941bis-10.txt)

Fernando Gont fgont at si6networks.com
Thu Aug 27 03:45:43 GMT+3 2020


Dear all,

A revision of the draft that revises the specification of 
temporary/privacy addresses: 
https://www.ietf.org/internet-drafts/draft-ietf-6man-rfc4941bis-10.txt

It has concrete impact:

* It reduces the total number of addresses from 7 to two per prefix.

* It changes the maximum lifetime from 7 days to two days.

* It fixes security problems in the current specification (RFC4941).

I personally implemented this draft for FreeBSD and the Linux kernel. The 
code in question is already part of the net-next tree.

P.S.: For those interested, here is some background on the 
recent improvements in IPv6 addressing: 
https://www.si6networks.com/2020/08/06/a-brief-history-of-recent-advances-in-ipv6-security-part-i/

Regards, and may Maradona bless you,
Fernando Gont




-------- Forwarded Message --------
Subject: New Version Notification for draft-ietf-6man-rfc4941bis-10.txt
Date: Wed, 26 Aug 2020 12:30:18 -0700
From: internet-drafts at ietf.org
To: Suresh Krishnan <suresh at kaloom.com>, Richard Draves 
<richdr at microsoft.com>, Fernando Gont <fgont at si6networks.com>, Thomas 
Narten <narten at us.ibm.com>


A new version of I-D, draft-ietf-6man-rfc4941bis-10.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.

Name:		draft-ietf-6man-rfc4941bis
Revision:	10
Title:		Temporary Address Extensions for Stateless Address 
Autoconfiguration in IPv6
Document date:	2020-08-26
Group:		6man
Pages:		22
URL: https://www.ietf.org/internet-drafts/draft-ietf-6man-rfc4941bis-10.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-6man-rfc4941bis/
Htmlized:       https://tools.ietf.org/html/draft-ietf-6man-rfc4941bis-10
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-6man-rfc4941bis
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-6man-rfc4941bis-10

Abstract:
    This document describes an extension that causes nodes to generate
    global scope addresses with randomized interface identifiers that
    change over time.  Changing global scope addresses over time limits
    the window of time during which eavesdroppers and other information
    collectors may trivially perform address-based network activity
    correlation when the same address is employed for multiple
    transactions by the same node.  Additionally, it reduces the window
    of exposure of a node via an address that becomes revealed as a
    result of active communication.  This document obsoletes RFC4941.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat




