The IESG has approved the following document: - 'Processing of IPv6 "atomic" fragments' (draft-ietf-6man-ipv6-atomic-fragments-04.txt) as Proposed Standard This document is the product of the IPv6 Maintenance Working Group. The IESG contact persons are Brian Haberman and Ted Lemon. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-atomic-fragments/ Technical Summary: The IPv6 specification allows packets to contain a Fragment Header without the packet being actually fragmented into multiple pieces (we refer to these packets as "atomic fragments"). Such packets are typically sent by hosts that have received an ICMPv6 "Packet Too Big" error message that advertises a "Next-Hop MTU" smaller than 1280 bytes, and are currently processed by some implementations as normal "fragmented traffic" (i.e., they are "reassembled" with any other queued fragments that supposedly correspond to the same original packet). Thus, an attacker can cause hosts to employ "atomic fragments" by forging ICMPv6 "Packet Too Big" error messages, and then launch any fragmentation-based attacks against such traffic. This document discusses the generation of the aforementioned "atomic fragments" and the corresponding security implications. Additionally, this document formally updates RFC 2460 and RFC 5722 such that IPv6 atomic fragments are processed independently of any other fragments, thus completely eliminating the aforementioned attack vector. Working Group Summary: There is working group support for this document. It has been discussed on the mailing list and in face-to-face 6man sessions. The chairs did a review that improved the quality of the document. Document Quality: The document includes an appendix that lists implementations that generate atomic fragments and/or implement this document. Personnel: Bob Hinden, Document Shepherd Brian Haberman, Internet AD
