A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IPv6 Maintenance Working Group of the IETF.
Title : Deprecating the Generation of IPv6 Atomic Fragments
Authors : Fernando Gont
Will(Shucheng) Liu
Tore Anderson
Filename : draft-ietf-6man-deprecate-atomfrag-generation-00.txt
Pages : 17
Date : 2014-11-11
Abstract:
The core IPv6 specification requires that when a host receives an
ICMPv6 "Packet Too Big" message reporting a "Next-Hop MTU" smaller
than 1280, the host includes a Fragment Header in all subsequent
packets sent to that destination, without reducing the assumed Path-
MTU. The simplicity with which ICMPv6 "Packet Too Big" messages can
be forged, coupled with the widespread filtering of IPv6 fragments,
results in an attack vector that can be leveraged for Denial of
Service purposes. This document briefly discusses the aforementioned
attack vector, and formally updates RFC2460 such that generation of
IPv6 atomic fragments is deprecated, thus eliminating the
aforementioned attack vector. Additionally, it formally updates
RFC6145 such that the Stateless IP/ICMP Translation Algorithm (SIIT)
does not rely on the generation of IPv6 atomic fragments, thus
improving the robustness of the protocol.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-6man-deprecate-atomfrag-generation/
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-00
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
