On Tue, 6 Aug 2013, Templin, Fred L wrote:
> One other thing for now is that Mike's proposal doesn't even
> address the attack vector that 'draft-bonica-6man-frag-deprecate'
> is concerned about. To address the tiny fragment concern, the
> protocol must ensure that tiny fragments cannot ever be created.

That is incorrect, or at least a red herring.

As draft-bonica-6man-frag-deprecate Section 2.3 points out, tiny 
IP-layer fragments are a problem because they can be crafted so that 
the L4 header, or a significant part thereof, does not appear in the 
initial IP fragment.

In the proposal I floated (or variants thereof, like a UDP 
replacement with a new protocol number) where L4 segments are used 
_instead_ of IP fragments that cannot happen, because the L4 header 
appears in front of _each_ segment -- just as with TCP.  Tiny 
transport layer _segments_ have not been identified as a problem.

//cmh
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
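The tiny-fragment case the message refers to (draft-bonica-6man-frag-deprecate Section 2.3: an initial IP fragment too short to carry the L4 header), worked through as an added example; this is not code from the draft, from the thread, or from any IETF project. It constructs a few IPv6 packets with struct, walks the extension-header chain the way a stateless filter would, and flags a first fragment whose transport header is cut short. It also includes an unfragmented UDP datagram to show the contrast the message draws: a transport-level segment always carries its header. The addresses, ports, fragment identification value, and the 20-byte TCP / 8-byte UDP header minima are assumptions of the example.

```python
"""Added example: flag IPv6 first fragments that do not carry the full
transport header. Not code from the draft or the mailing-list thread."""
import struct

IPV6_HDR_LEN = 40
FRAG_HDR_LEN = 8

# Next Header values (IANA protocol numbers)
HOPOPT, TCP, UDP, ROUTING, FRAGMENT, DSTOPTS = 0, 6, 17, 43, 44, 60
CHAINABLE = {HOPOPT, ROUTING, DSTOPTS}   # extension headers we walk through

# Minimum transport header a first fragment must carry before an L4
# policy decision is possible (assumption: TCP without options, full UDP).
MIN_L4_HDR_LEN = {TCP: 20, UDP: 8}


def classify(pkt: bytes) -> dict:
    """Walk one packet's IPv6 header chain and report whether it is a
    first fragment that truncates the transport header."""
    if len(pkt) < IPV6_HDR_LEN or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nxt = struct.unpack_from("!HB", pkt, 4)
    end = min(len(pkt), IPV6_HDR_LEN + payload_len)   # ignore trailing bytes
    off = IPV6_HDR_LEN
    frag_offset, more = None, None

    while True:
        if nxt in CHAINABLE:
            if off + 2 > end:
                raise ValueError("truncated extension header")
            nxt, hdr_ext_len = pkt[off], pkt[off + 1]
            off += (hdr_ext_len + 1) * 8          # length excludes first 8 octets
        elif nxt == FRAGMENT:
            if frag_offset is not None or off + FRAG_HDR_LEN > end:
                raise ValueError("bad or duplicate fragment header")
            nxt, _res, frag_field, _ident = struct.unpack_from("!BBHI", pkt, off)
            frag_offset = (frag_field >> 3) * 8   # 13-bit offset, 8-octet units
            more = bool(frag_field & 1)           # M flag
            off += FRAG_HDR_LEN
            if frag_offset != 0:
                break   # non-first fragment: payload is opaque, nothing to check
        else:
            break       # reached the upper-layer header (or an unknown type)

    if off > end:
        raise ValueError("truncated packet")
    l4_bytes = end - off
    first_fragment = frag_offset == 0
    tiny = (first_fragment and nxt in MIN_L4_HDR_LEN
            and l4_bytes < MIN_L4_HDR_LEN[nxt])
    return {
        "fragmented": frag_offset is not None,
        "first_fragment": first_fragment,
        "more_fragments": more,
        "l4_proto": nxt,
        "l4_bytes_present": l4_bytes if frag_offset in (None, 0) else None,
        "tiny_first_fragment": tiny,
    }


# --- constructed sample packets (assumed addresses/ports, not captured) ---

def ipv6(next_hdr: int, payload: bytes) -> bytes:
    """IPv6 header: version 6, zero class/label, hop limit 64,
    documentation addresses 2001:db8::1 -> 2001:db8::2."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_hdr, 64) + src + dst + payload


def fragment_hdr(next_hdr: int, offset: int, more: bool, ident: int = 0x1234) -> bytes:
    assert offset % 8 == 0, "fragment offsets are in 8-octet units"
    return struct.pack("!BBHI", next_hdr, 0, ((offset // 8) << 3) | int(more), ident)


# 20-byte TCP SYN (ports, seq, ack, data offset 5, flags, window, csum, urg)
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
# Hop-by-Hop header holding one PadN option, chaining to a Fragment header
HBH_TO_FRAG = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])


def sample_packets() -> dict:
    return {
        "full_tcp": ipv6(TCP, TCP_SYN + b"GET /"),
        "full_first": ipv6(FRAGMENT, fragment_hdr(TCP, 0, True) + TCP_SYN + b"GET /"),
        # only ports + sequence number in the first fragment: flags are unseen
        "tiny_first": ipv6(FRAGMENT, fragment_hdr(TCP, 0, True) + TCP_SYN[:8]),
        "tiny_behind_hbh": ipv6(HOPOPT, HBH_TO_FRAG + fragment_hdr(TCP, 0, True) + TCP_SYN[:8]),
        "second": ipv6(FRAGMENT, fragment_hdr(TCP, 8, False) + TCP_SYN[8:] + b"GET /"),
        # an L4 segment: the UDP header is in front of the data, no IP fragment
        "udp_segment": ipv6(UDP, struct.pack("!HHHH", 40000, 53, 12, 0) + b"data"),
    }


if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print(f"{name:16} {classify(pkt)}")
```

The check is deliberately stateless: it looks at one packet and asks only whether an L4 decision can be made from it, which is exactly what a tiny first fragment defeats (in `tiny_first` the SYN flag sits in the second fragment). The same walk applied to `udp_segment` finds the full transport header at the front, which is the property the message says transport-layer segmentation preserves.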