[LACNIC/Seguridad] Revisión de "Unfortunate History of Transient Numeric Identifiers" (Fwd: [Pearg] I-D Action: draft-irtf-pearg-numeric-ids-history-06.txt)
Fernando Gont
fgont en si6networks.com
Jue Ene 14 03:23:57 -03 2021
Estimades,
FYI.
Titulo: Unfortunate History of Transient Numeric Identifiers
UTL: https://tools.ietf.org/html/draft-irtf-pearg-numeric-ids-history-06
Sus comentarios serán bienvenidos.
Algunos datapoints interesantes:
1) It took 27 years to fix the TCP spec with respect to flawed TCP ISN
generation
2) OpenBSD implemented transport protocol ephemeral port randomization
14.5 years before the IETF recommended it.
3) I has taken 20 years (and counting!) to address security/privacy
issues associated with IPv6 address configuration (SLAAC). -- Many
DHCPv6 implementations still broken in that respect!
4) OpenBSD implemented IPv6 Frag Identification 14 years before the IETF
actually recommended it.
-- Windows 10 still doesn't?
P.S.: https://www.youtube.com/watch?v=e4qdODv6Uh8
Saludos, y gracias!
Fernando
-------- Forwarded Message --------
Subject: [Pearg] I-D Action: draft-irtf-pearg-numeric-ids-history-06.txt
Date: Wed, 13 Jan 2021 10:24:44 -0800
From: internet-drafts en ietf.org
Reply-To: pearg en irtf.org
To: i-d-announce en ietf.org
CC: pearg en irtf.org
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Privacy Enhancements and Assessments
Research Group RG of the IRTF.
Title : Unfortunate History of Transient Numeric
Identifiers
Authors : Fernando Gont
Ivan Arce
Filename : draft-irtf-pearg-numeric-ids-history-06.txt
Pages : 28
Date : 2021-01-13
Abstract:
This document analyzes the timeline of the specification and
implementation of different types of "transient numeric identifiers"
used in IETF protocols, and how the security and privacy properties
of such protocols have been affected as a result of it. It provides
empirical evidence that advice in this area is warranted. This
document is a product of the Privacy Enhancement and Assessment
Research Group (PEARG) in the IRTF.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-irtf-pearg-numeric-ids-history/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-irtf-pearg-numeric-ids-history-06
https://datatracker.ietf.org/doc/html/draft-irtf-pearg-numeric-ids-history-06
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-irtf-pearg-numeric-ids-history-06
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
--
Pearg mailing list
Pearg en irtf.org
https://www.irtf.org/mailman/listinfo/pearg
Más información sobre la lista de distribución Seguridad