Hi, Brian, I've rev'ed this document according to our recent email exchange.
Should we progress this document now? Thanks, and Happy New Year! Fernando On 12/29/2012 04:14 PM, internet-dra...@ietf.org wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the IPv6 Maintenance Working Group of the IETF. > > Title : Processing of IPv6 "atomic" fragments > Author(s) : Fernando Gont > Filename : draft-ietf-6man-ipv6-atomic-fragments-03.txt > Pages : 14 > Date : 2012-12-29 > > Abstract: > The IPv6 specification allows packets to contain a Fragment Header > without the packet being actually fragmented into multiple pieces (we > refer to these packets as "atomic fragments"). Such packets > typically result from hosts that have received an ICMPv6 "Packet Too > Big" error message that advertises a "Next-Hop MTU" smaller than 1280 > bytes, and are currently processed by some implementations as > "fragmented traffic". Thus, by forging ICMPv6 "Packet Too Big" error > messages an attacker can cause hosts to employ "atomic fragments", > and then launch any fragmentation-based attacks against such traffic. > This document discusses the generation of the aforementioned "atomic > fragments", the corresponding security implications, and formally > updates RFC 2460 and RFC 5722 such that fragmentation-based attack > vectors against traffic employing "atomic fragments" are completely > eliminated. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-atomic-fragments > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-6man-ipv6-atomic-fragments-03 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-atomic-fragments-03 > > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -- Fernando Gont SI6 Networks e-mail: fg...@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
