Hi, Mark,

On 12/15/2011 10:19 PM, Mark Andrews wrote:
> When thinking about this draft please consider the following:
>
> http://tools.ietf.org/html/draft-andrews-6man-force-fragmentation-00
> http://tools.ietf.org/html/draft-andrews-dnsext-udp-fragmentation-00

I've just read both of them. The relationship I've found with these two and the two I've authored is that your I-Ds will lead to an increase of IPv6 "atomic fragments". This means that:

* <http://tools.ietf.org/id/draft-gont-6man-ipv6-atomic-fragments-00.txt> is even more desirable, as it would completely mitigate fragmentation-related attacks against DNS traffic that is not really split into several packets (but still contains a Fragment Header).

* Implementation of <http://tools.ietf.org/id/draft-gont-6man-predictable-fragment-id-00.txt> at the sending node would help mitigate some fragmentation-related attacks against receivers that do not yet implement the "atomic packets" behaviour described above, or in scenarios in which DNS traffic is really fragmented (i.e., packets are split into multiple pieces).

Does this agree with your assessment? Am I missing something?

P.S.: I'll be sending feedback about your I-Ds in separate e-mails.

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
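
The receiver-side handling of atomic fragments discussed in the message above, as an added example that is not part of the original e-mail or of any of the drafts it cites. It assumes the Fragment Header directly follows the fixed IPv6 header and treats a packet with Fragment Offset 0 and M=0 as atomic; build_packet, parse_fragment, Receiver and all sample packets are hypothetical and constructed for illustration.

```python
import struct
FRAGMENT = 44  # Next Header value of the IPv6 Fragment Header

def build_packet(src, dst, ident, offset, more, payload):
    """Constructed sample packet: fixed IPv6 header + Fragment Header + payload."""
    frag = struct.pack("!BBHI", 17, 0, (offset << 3) | int(more), ident)
    fixed = struct.pack("!IHBB16s16s", 6 << 28, len(frag) + len(payload),
                        FRAGMENT, 64, src, dst)
    return fixed + frag + payload

def parse_fragment(packet):
    """Return (src, dst, ident, offset, more, payload); offset is in 8-octet units."""
    if len(packet) < 48 or packet[6] != FRAGMENT:
        raise ValueError("no Fragment Header directly after the fixed header")
    src, dst = packet[8:24], packet[24:40]
    _next, _rsvd, off_m, ident = struct.unpack("!BBHI", packet[40:48])
    return src, dst, ident, off_m >> 3, bool(off_m & 1), packet[48:]

class Receiver:
    def __init__(self):
        self.queue = {}  # (src, dst, ident) -> {offset: (more, payload)}

    def receive(self, packet):
        """Return a complete upper-layer payload, or None while fragments are pending."""
        src, dst, ident, offset, more, payload = parse_fragment(packet)
        if offset == 0 and not more:
            # Atomic fragment: handled in isolation, never matched against the
            # queue, so a queued fragment with the same ID cannot corrupt it.
            return payload
        parts = self.queue.setdefault((src, dst, ident), {})
        parts.setdefault(offset, (more, payload))  # simplification: first copy wins
        data, pos = b"", 0
        while pos in parts:  # walk contiguous fragments starting at offset 0
            more, chunk = parts[pos]
            data += chunk
            if not more:
                del self.queue[(src, dst, ident)]
                return data
            pos += len(chunk) // 8
        return None

def demo():
    src, dst = bytes(15) + b"\x01", bytes(15) + b"\x02"  # constructed addresses
    rx = Receiver()
    forged = rx.receive(build_packet(src, dst, 7, 1, False, b"FORGED!!"))
    atomic = rx.receive(build_packet(src, dst, 7, 0, False, b"dns-resp"))
    first = rx.receive(build_packet(src, dst, 9, 0, True, b"AAAAAAAA"))
    last = rx.receive(build_packet(src, dst, 9, 1, False, b"BBBB"))
    return forged, atomic, first, last
```

In demo(), the forged fragment with Identification 7 stays in the reassembly queue while the atomic packet carrying the same Identification is delivered unchanged; the packets with Identification 9 show the ordinary reassembly path for traffic that really is split.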
