all, this is an update based on IESG comments.
https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-atomic-fragments/ballot/ http://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-atomic-fragments-04 good if someone in the working group can review the diff-set. Best regards, Ole > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the IPv6 Maintenance Working Group of the IETF. > > Title : Processing of IPv6 "atomic" fragments > Author(s) : Fernando Gont > Filename : draft-ietf-6man-ipv6-atomic-fragments-04.txt > Pages : 14 > Date : 2013-03-20 > > Abstract: > The IPv6 specification allows packets to contain a Fragment Header > without the packet being actually fragmented into multiple pieces (we > refer to these packets as "atomic fragments"). Such packets are > typically sent by hosts that have received an ICMPv6 "Packet Too Big" > error message that advertises a "Next-Hop MTU" smaller than 1280 > bytes, and are currently processed by some implementations as normal > "fragmented traffic" (i.e., they are "reassembled" with any other > queued fragments that supposedly correspond to the same original > packet). Thus, an attacker can cause hosts to employ "atomic > fragments" by forging ICMPv6 "Packet Too Big" error messages, and > then launch any fragmentation-based attacks against such traffic. > This document discusses the generation of the aforementioned "atomic > fragments" and the corresponding security implications. > Additionally, this document formally updates RFC 2460 and RFC 5722 > such that IPv6 atomic fragments are processed independently of any > other fragments, thus completely eliminating the aforementioned > attack vector. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-atomic-fragments > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-6man-ipv6-atomic-fragments-04 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-atomic-fragments-04 > > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
