A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Use of the IPv6 Flow Label as a Transport-Layer Nonce to Defend Against Off-Path Spoofing Attacks
Author(s) : S. Blake
Filename : draft-blake-ipv6-flow-label-nonce-00.txt
Pages : 14
Date : 2008-10-27
TCP and other transport-layer protocols are vulnerable to spoofing
attacks from off-path hosts. These attacks can be prevented through
the use of cryptographic authentication. However, it is difficult to
use cryptographic authentication in all circumstances. A variety of
obfuscation techniques -- such as initial sequence number
randomization and source port randomization -- increase the effort
required of an attacker to successfully spoof the packet header
fields which uniquely identify a transport connection. This memo
proposes the use of the IPv6 Flow Label field as a random, per-
connection nonce value, to add entropy to the set of packet header
fields used to identify a transport connection. This mechanism is
easily implementable, allows for incremental deployment, and is fully
compliant with the rules for Flow Label use defined in RFC 3697.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-blake-ipv6-flow-label-nonce-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-blake-ipv6-flow-label-nonce-00.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
