I-D Action: draft-trammell-privsec-defeating-tcpip-meta-00.txt
internet-drafts@ietf.org Fri, 29 July 2016 12:18 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/TC3Y88KG1FRU6ZLWHCJ_8fO8vLA>
A New Internet-Draft is available from the on-line Internet-Drafts directories.

        Title           : Detecting and Defeating TCP/IP Hypercookie Attacks
        Author          : Brian Trammell
        Filename        : draft-trammell-privsec-defeating-tcpip-meta-00.txt
        Pages           : 13
        Date            : 2016-07-29

Abstract:
   The TCP/IP stack provides protocol features that can potentially be
   abused by on-path attackers to inject metadata about a traffic flow
   into that traffic flow in band. When this injected metadata is
   provided by an entity with knowledge about the natural person
   associated with a traffic flow, it becomes a grave threat to privacy,
   which we term a hypercookie.

   This document defines a threat model for hypercookie injection and
   hypercookie coercion attacks, catalogs protocol features that may be
   used to achieve them, and provides guidance for defeating these
   attacks, with an analysis of protocol features that are disabled by
   the proposed defeat mechanism.

   The deployment of firewalls that detect and reject abuse of protocol
   features can help, but the relative ease of injecting metadata for
   attackers on path, and trivial combination of metadata injection
   attacks, leads to a recommendation to add cryptographic integrity
   protection to transport layer headers to defend against injection
   attacks.

   tl;dr: at least with respect to metadata injection in the current
   Internet protocol stack, everything is ruined.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-trammell-privsec-defeating-tcpip-meta/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-trammell-privsec-defeating-tcpip-meta-00

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/