The IESG has received a request from the IPv6 Maintenance WG (6man) to consider the following document: - 'Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery' <draft-ietf-6man-nd-extension-headers-03.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-01-29. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document analyzes the security implications of employing IPv6 fragmentation with Neighbor Discovery (ND) messages. It updates RFC 4861 such that use of the IPv6 Fragmentation Header is forbidden in all Neighbor Discovery messages, thus allowing for simple and effective counter-measures for Neighbor Discovery attacks. Finally, it discusses the security implications of using IPv6 fragmentation with SEcure Neighbor Discovery (SEND), and formally updates RFC 3971 to provide advice regarding how the aforementioned security implications can be prevented. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-6man-nd-extension-headers/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-6man-nd-extension-headers/ballot/ No IPR declarations have been submitted directly on this I-D.
