I have requested the start of an IETF Last Call for this document.
Regards, Brian On 12/29/12 2:22 PM, Fernando Gont wrote:
Hi, Brian, I've rev'ed this document according to our recent email exchange. Should we progress this document now? Thanks, and Happy New Year! Fernando On 12/29/2012 04:14 PM, internet-dra...@ietf.org wrote:A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IPv6 Maintenance Working Group of the IETF. Title : Processing of IPv6 "atomic" fragments Author(s) : Fernando Gont Filename : draft-ietf-6man-ipv6-atomic-fragments-03.txt Pages : 14 Date : 2012-12-29 Abstract: The IPv6 specification allows packets to contain a Fragment Header without the packet being actually fragmented into multiple pieces (we refer to these packets as "atomic fragments"). Such packets typically result from hosts that have received an ICMPv6 "Packet Too Big" error message that advertises a "Next-Hop MTU" smaller than 1280 bytes, and are currently processed by some implementations as "fragmented traffic". Thus, by forging ICMPv6 "Packet Too Big" error messages an attacker can cause hosts to employ "atomic fragments", and then launch any fragmentation-based attacks against such traffic. This document discusses the generation of the aforementioned "atomic fragments", the corresponding security implications, and formally updates RFC 2460 and RFC 5722 such that fragmentation-based attack vectors against traffic employing "atomic fragments" are completely eliminated. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-atomic-fragments There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-6man-ipv6-atomic-fragments-03 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-atomic-fragments-03 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
