Re: Last Call: draft-ietf-tsvwg-port-randomization (Transport Protocol Port Randomization Recommendations) to BCP

At 07:01 16-02-10, you wrote:
The IESG has received a request from the Transport Area Working Group WG
(tsvwg) to consider the following document:

- 'Transport Protocol Port Randomization Recommendations '
   <draft-ietf-tsvwg-port-randomization-06.txt> as a BCP

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send substantive comments to the

In Section 3.2:

  "Since this range includes ports numbers assigned by IANA, this may
   not always be possible, though.  A possible workaround for this
   potential problem would be to maintain a local list of the port
   numbers that should not be allocated as ephemeral ports.  Thus,
   before allocating a port number, the ephemeral port selection
   function would check this list, avoiding the allocation of ports that
   may be needed for specific applications."

Is that the list of ports in the ephemeral port range assigned by IANA or the list of ports that may be needed by specific applications on the host?

In Section 3.3:

  "Transport protocols SHOULD obfuscate the allocation of their
   ephemeral ports, since this help to mitigate a number of attacks that
   depend on the attacker's ability to guess or know the five-tuple that
   identifies the transport protocol instance to be attacked."

The title of Section 3.3 says Obfuscation while the algorithms in the sub-sections are called "randomization".

With respect to the love note in this draft, I have reason to believe any decision in that area only requires the consensus of the two parties. I wish Fernando Gont good luck. :-)

Regards,
-sm

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
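
Added example, not part of the original message or of the draft: a sketch of the Section 3.2 workaround quoted above, in which the ephemeral port selection function checks a local exclusion list before allocating a port. The range bounds, the list format and every function name here are assumptions made for illustration; the selection uses a random starting point with linear probing, which is one possible choice and is not claimed to be the draft's algorithm.

```python
import secrets

MIN_EPHEMERAL = 1024    # assumed bounds; the quoted text does not state the range
MAX_EPHEMERAL = 65535


def load_exclusions(lines):
    """Parse a local exclusion list (hypothetical format): one port or
    'lo-hi' range per line, with '#' starting a comment."""
    ports = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        lo, _, hi = entry.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port entry: {raw!r}")
        ports.update(range(lo, hi + 1))
    return ports


def select_ephemeral_port(excluded, in_use, low=MIN_EPHEMERAL,
                          high=MAX_EPHEMERAL, rand_below=secrets.randbelow):
    """Return an unpredictable free port in [low, high], or None if none is left.

    excluded: ports that must never be allocated as ephemeral ports.
    in_use:   ports already bound for this local address and protocol.
    """
    span = high - low + 1
    offset = rand_below(span)            # CSPRNG-chosen starting point
    for step in range(span):             # probe every port at most once
        port = low + (offset + step) % span
        if port in excluded or port in in_use:
            continue                     # reserved or busy: try the next one
        return port
    return None                          # whole range excluded or in use


# Constructed sample list, for illustration only.
SAMPLE_LIST = [
    "# ports kept free for local services",
    "3306",
    "8080-8082   # application servers",
]

if __name__ == "__main__":
    reserved = load_exclusions(SAMPLE_LIST)
    print(select_ephemeral_port(reserved, in_use={50000}))
```

Probing linearly past an excluded run makes the port just after that run more likely to be chosen than its neighbours, so large contiguous exclusions skew the distribution.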
