[technique] [Fwd: Bringing some sanity to IPv6 traffic (IETF Internet-Drafts)]

Laurent GUERBY laurent at guerby.net
Tue Oct 16 12:43:43 CEST 2012


A few RFCs on IPv6 that are probably coming.



  Security Implications of the Use of IPv6 Extension Headers with IPv6
                           Neighbor Discovery


   This document analyzes the security implications of using IPv6
   Extension Headers with Neighbor Discovery (ND) messages.  It updates
   RFC 4861 such that use of the IPv6 Fragmentation Header is forbidden
   in all Neighbor Discovery messages, thus allowing for simple and
   effective counter-measures for Neighbor Discovery attacks.  Finally,
   it discusses the security implications of using IPv6 fragmentation
   with SEcure Neighbor Discovery (SEND), and provides advice such that
   the aforementioned security implications are mitigated.

  Security and Interoperability Implications of Oversized IPv6 Header


   The IPv6 specification allows IPv6 header chains of an arbitrary
   size.  The specification also allows options which can in turn extend
   each of the headers.  In those scenarios in which the IPv6 header
   chain or options are unusually long and packets are fragmented, or
   scenarios in which the fragment size is very small, the first
   fragment of a packet may fail to include the entire IPv6 header
   chain.  This document discusses the interoperability and security
   problems of such traffic, and updates RFC 2460 such that the first
   fragment of a packet is required to contain the entire IPv6 header

-------- Forwarded Message --------
From: Fernando Gont <fernando at gont.com.ar>
To: netdev <netdev at vger.kernel.org>
Subject: Bringing some sanity to IPv6 traffic (IETF Internet-Drafts)
Date: 	Mon, 15 Oct 2012 18:57:04 -0300



* <http://tools.ietf.org/id/draft-ietf-6man-oversized-header-chain-01.txt>
* <http://tools.ietf.org/id/draft-ietf-6man-nd-extension-headers-00.txt>

P.S.: These two have already been adopted by the 6man wg, and are close
to being published as RFCs.

Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
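The two rules summarised in the abstracts above, sketched as a stateless packet check. This is an added example, not code from the drafts or from the forwarded mail; `check_packet`, the verdict strings and the minimum upper-layer header sizes in `UPPER_MIN` are assumptions made for illustration, and the sample packets are constructed.

```python
import struct

EXT_HDRS = {0, 43, 60}                   # Hop-by-Hop, Routing, Destination Options
FRAGMENT, AH, ICMPV6 = 44, 51, 58
UPPER_MIN = {6: 20, 17: 8, ICMPV6: 4}    # assumed minimum TCP/UDP/ICMPv6 header sizes
ND_TYPES = {133, 134, 135, 136, 137}     # RS, RA, NS, NA, Redirect

def check_packet(pkt: bytes) -> str:
    """Classify one raw IPv6 packet against the two rules in the abstracts."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "not-ipv6"
    nh, off, fragmented = pkt[6], 40, False
    def short():                         # ran out of bytes before the chain ended
        return "incomplete-header-chain" if fragmented else "malformed"
    while nh in EXT_HDRS or nh in (FRAGMENT, AH):
        if off + 8 > len(pkt):
            return short()
        if nh == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "non-first-fragment"   # offset != 0: payload, no headers to walk
            fragmented, hlen = True, 8
        elif nh == AH:
            hlen = (pkt[off + 1] + 2) * 4     # AH length is counted in 4-octet units
        else:
            hlen = (pkt[off + 1] + 1) * 8     # others: 8-octet units, first 8 excluded
        if off + hlen > len(pkt):
            return short()
        nh, off = pkt[off], off + hlen
    if off + UPPER_MIN.get(nh, 0) > len(pkt):
        return short()                        # upper-layer header left for a later fragment
    if fragmented and nh == ICMPV6 and pkt[off] in ND_TYPES:
        return "fragmented-neighbor-discovery"
    return "ok"

# Constructed sample packets (documentation addresses 2001:db8::1 -> 2001:db8::2).
def ipv6(nh: int, payload: bytes) -> bytes:
    addr = lambda last: bytes.fromhex("20010db8") + bytes(11) + bytes([last])
    return struct.pack("!IHBB", 0x60000000, len(payload), nh, 64) + addr(1) + addr(2) + payload

def frag(nh: int, offset: int, more: int) -> bytes:
    return struct.pack("!BBHI", nh, 0, (offset << 3) | more, 0x1234)

SAMPLES = {
    "plain NS": ipv6(ICMPV6, bytes([135, 0, 0, 0]) + bytes(20)),
    "fragmented RA": ipv6(FRAGMENT, frag(ICMPV6, 0, 1) + bytes([134, 0, 0, 0]) + bytes(12)),
    "TCP header in 2nd fragment": ipv6(FRAGMENT, frag(60, 0, 1) + bytes([6, 0, 1, 4, 0, 0, 0, 0])),
    "later fragment": ipv6(FRAGMENT, frag(ICMPV6, 1, 0) + bytes(8)),
}
for name, pkt in SAMPLES.items():
    print(f"{name}: {check_packet(pkt)}")
```

The "later fragment" verdict shows why the first-fragment rule matters to a filter: without reassembly, a fragment with a non-zero offset carries no headers that can be inspected.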
