Dear all,

We would like to draw your attention to our three recently updated drafts related to vulnerabilities caused by forged ICMP error messages and corresponding challenge–confirm authentication mechanisms for ICMP and ICMPv6:

https://datatracker.ietf.org/doc/draft-xu-intarea-vulnerabilities-forged-icmp/
https://datatracker.ietf.org/doc/draft-xu-intarea-challenge-icmpv4/02/
https://datatracker.ietf.org/doc/draft-xu-intarea-challenge-icmpv6/02/

1) draft-xu-intarea-vulnerabilities-forged-icmp: Describes how forged ICMP error messages can trigger cross-layer vulnerabilities, such as information leakage, inconsistent state between protocol layers, and spoofing attacks. It outlines the underlying causes and mitigation directions.

2) draft-xu-intarea-challenge-icmpv4 & draft-xu-intarea-challenge-icmpv6: Propose a challenge–confirm mechanism for ICMP error messages to authenticate their origin and protect against forgery, maintaining compatibility with existing network behavior.

We would like to receive feedback on these proposals, including:

1) Whether forged ICMP error messages are a security issue worth discussing, and whether our problem statement comprehensively captures real-world forged ICMP vulnerabilities or if additional cases should be included.

2) Per IETF 123 feedback, our draft now discusses packet loss, multipath, and amplification, and we would like to know whether these discussions are sufficient.

3) Any additional comments or suggestions that could improve practicality and security.

We would like to collect feedback on the proposals and prepare an updated version addressing received comments.

Best regards,
Ao
On behalf of all co-authors
