I have requested the start of an IETF Last Call for this document.
Regards,
Brian
On 12/29/12 2:22 PM, Fernando Gont wrote:
Hi, Brian,
I've rev'ed this document according to our recent email exchange.
Should we progress this document now?
Thanks, and Happy New Year!
Fernando
On 12/29/2012 04:14 PM, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IPv6 Maintenance Working Group of the IETF.
Title : Processing of IPv6 "atomic" fragments
Author(s) : Fernando Gont
Filename : draft-ietf-6man-ipv6-atomic-fragments-03.txt
Pages : 14
Date : 2012-12-29
Abstract:
The IPv6 specification allows packets to contain a Fragment Header
without the packet being actually fragmented into multiple pieces (we
refer to these packets as "atomic fragments"). Such packets
typically result from hosts that have received an ICMPv6 "Packet Too
Big" error message that advertises a "Next-Hop MTU" smaller than 1280
bytes, and are currently processed by some implementations as
"fragmented traffic". Thus, by forging ICMPv6 "Packet Too Big" error
messages an attacker can cause hosts to employ "atomic fragments",
and then launch any fragmentation-based attacks against such traffic.
This document discusses the generation of the aforementioned "atomic
fragments", the corresponding security implications, and formally
updates RFC 2460 and RFC 5722 such that fragmentation-based attack
vectors against traffic employing "atomic fragments" are completely
eliminated.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-atomic-fragments
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-6man-ipv6-atomic-fragments-03
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-atomic-fragments-03
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------