At 07:01 16-02-10, you wrote:
The IESG has received a request from the Transport Area Working Group WG
(tsvwg) to consider the following document:
- 'Transport Protocol Port Randomization Recommendations '
<draft-ietf-tsvwg-port-randomization-06.txt> as a BCP
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
In Section 3.2:
"Since this range includes ports numbers assigned by IANA, this may
not always be possible, though. A possible workaround for this
potential problem would be to maintain a local list of the port
numbers that should not be allocated as ephemeral ports. Thus,
before allocating a port number, the ephemeral port selection
function would check this list, avoiding the allocation of ports that
may be needed for specific applications."
Is that the list of ports in the ephemeral port range assigned by
IANA or the list of ports that may be needed by specific applications
on the host?
In Section 3.3:
"Transport protocols SHOULD obfuscate the allocation of their
ephemeral ports, since this help to mitigate a number of attacks that
depend on the attacker's ability to guess or know the five-tuple that
identifies the transport protocol instance to be attacked."
The title of Section 3.3 says Obfuscation while the algorithms in the
sub-sections are called "randomization".
With respect to the love note in this draft, I have reason to believe
any decision in that area only requires the consensus of the two
parties. I wish Fernando Gont good luck. :-)
Regards,
-sm
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
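The Section 3.2 workaround (a local "do not allocate" list consulted before handing out an ephemeral port) combined with the Section 3.3 randomized selection, as an added illustration that is not code from the draft or from the IETF: the range bounds, the `rng` callback and the set-based lookups are assumptions made here for the example.

```python
import random
from typing import Callable, Iterable, Optional

# Assumed ephemeral range for the example; the bounds are parameters below.
EPHEMERAL_MIN = 1024
EPHEMERAL_MAX = 65535


def _system_random(n: int) -> int:
    """Draw an offset in [0, n) from the OS CSPRNG (hypothetical helper)."""
    return random.SystemRandom().randrange(n)


def select_ephemeral_port(
    in_use: Iterable[int],
    reserved: Iterable[int],
    rng: Callable[[int], int] = _system_random,
    port_min: int = EPHEMERAL_MIN,
    port_max: int = EPHEMERAL_MAX,
) -> Optional[int]:
    """Pick a random ephemeral port that is neither already in use nor on
    the host's local list of ports that must not be used as ephemeral ports.

    A random starting offset makes the choice hard to guess (the
    obfuscation goal of Section 3.3); walking the whole range from that
    offset still finds a free port whenever one exists.
    """
    in_use = set(in_use)
    reserved = set(reserved)  # local exclusion list from Section 3.2
    num_ports = port_max - port_min + 1
    candidate = port_min + rng(num_ports)
    for _ in range(num_ports):
        # Consult the exclusion list before allocating, as the draft suggests.
        if candidate not in in_use and candidate not in reserved:
            return candidate
        # Wrap around so the search covers the full range exactly once.
        candidate = port_min if candidate == port_max else candidate + 1
    return None  # every port in the range is unavailable
```

Passing a fixed `rng` makes the walk deterministic, which is how the behaviour (skipping reserved ports, wrapping at the top of the range, exhaustion) can be checked in a unit test.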