RFC6346 reduces the space for TCP/UDP ports, which makes port-based attacks against protocols easier, as was mentioned in RFC6056: "It is also worth noting that, provided adequate algorithms are in use, the larger the range from which ephemeral ports are selected, the smaller the chances of an attacker are to guess the selected port number." The primary mitigation against the Kaminsky was port randomization and attacks against other protocols may also need such port randomization. If RFC6346 progresses to Proposed Standard, its impact to the size of the port space should be noted in RFC6346bis's security considerations. -d On Dec 1, 2014, at 2:38 PM, The IESG <iesg-secretary@xxxxxxxx> wrote: > > The IESG has received a request from an individual participant to make > the following status changes: > > - RFC6346 from Experimental to Proposed Standard > (The Address plus Port (A+P) Approach to the IPv4 Address Shortage) > > The supporting document for this request can be found here: > > http://datatracker.ietf.org/doc/status-change-address-plus-port-to-proposed/ > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > ietf@xxxxxxxx mailing lists by 2014-12-29. Exceptionally, comments may be > sent to iesg@xxxxxxxx instead. In either case, please retain the > beginning of the Subject line to allow automated sorting. > > The affected document can be obtained via > http://datatracker.ietf.org/doc/rfc6346/ > > IESG discussion of this request can be tracked via > http://datatracker.ietf.org/doc/status-change-address-plus-port-to-proposed/ballot/ > >