[LACNIC/Seguridad] Revisión de "Unfortunate History of Transient Numeric Identifiers" (Fwd: [Pearg] I-D Action: draft-irtf-pearg-numeric-ids-history-06.txt)

Fernando Gont fgont en si6networks.com
Jue Ene 14 03:23:57 -03 2021



Titulo: Unfortunate History of Transient Numeric Identifiers
UTL: https://tools.ietf.org/html/draft-irtf-pearg-numeric-ids-history-06

Sus comentarios serán bienvenidos.

Algunos datapoints interesantes:

1) It took 27 years to fix the TCP spec with respect to flawed TCP ISN 

2) OpenBSD implemented transport protocol ephemeral port randomization 
14.5 years before the IETF recommended it.

3) I has taken 20 years (and counting!) to address security/privacy 
issues associated with IPv6 address configuration (SLAAC). -- Many 
DHCPv6 implementations still broken in that respect!

4) OpenBSD implemented IPv6 Frag Identification 14 years before the IETF 
actually recommended it.
-- Windows 10 still doesn't?

P.S.: https://www.youtube.com/watch?v=e4qdODv6Uh8

Saludos, y gracias!

-------- Forwarded Message --------
Subject: [Pearg] I-D Action: draft-irtf-pearg-numeric-ids-history-06.txt
Date: Wed, 13 Jan 2021 10:24:44 -0800
From: internet-drafts en ietf.org
Reply-To: pearg en irtf.org
To: i-d-announce en ietf.org
CC: pearg en irtf.org

A New Internet-Draft is available from the on-line Internet-Drafts 
This draft is a work item of the Privacy Enhancements and Assessments 
Research Group RG of the IRTF.

         Title           : Unfortunate History of Transient Numeric 
         Authors         : Fernando Gont
                           Ivan Arce
	Filename        : draft-irtf-pearg-numeric-ids-history-06.txt
	Pages           : 28
	Date            : 2021-01-13

    This document analyzes the timeline of the specification and
    implementation of different types of "transient numeric identifiers"
    used in IETF protocols, and how the security and privacy properties
    of such protocols have been affected as a result of it.  It provides
    empirical evidence that advice in this area is warranted.  This
    document is a product of the Privacy Enhancement and Assessment
    Research Group (PEARG) in the IRTF.

The IETF datatracker status page for this draft is:

There are also htmlized versions available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:

Pearg mailing list
Pearg en irtf.org

Más información sobre la lista de distribución Seguridad