I-D Action: draft-trammell-privsec-defeating-tcpip-meta-00.txt

internet-drafts@ietf.org Fri, 29 July 2016 12:18 UTC

From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Date: Fri, 29 Jul 2016 05:18:28 -0700
Message-ID: <20160729121828.27111.43305.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/TC3Y88KG1FRU6ZLWHCJ_8fO8vLA>

A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : Detecting and Defeating TCP/IP Hypercookie Attacks
        Author          : Brian Trammell
        Filename        : draft-trammell-privsec-defeating-tcpip-meta-00.txt
        Pages           : 13
        Date            : 2016-07-29

Abstract:
   The TCP/IP stack provides protocol features that can potentially be
   abused by on-path attackers to inject metadata about a traffic flow
   into that traffic flow in band.  When this injected metadata is
   provided by an entity with knowledge about the natural person
   associated with a traffic flow, it becomes a grave threat to privacy,
   which we term a hypercookie.

   This document defines a threat model for hypercookie injection and
   hypercookie coercion attacks, catalogs protocol features that may be
   used to achieve them, and provides guidance for defeating these
   attacks, with an analysis of protocol features that are disabled by
   the proposed defeat mechanism.

   The deployment of firewalls that detect and reject abuse of protocol
   features can help, but the relative ease of injecting metadata for
   attackers on path, and trivial combination of metadata injection
   attacks, leads to a recommendation to add cryptographic integrity
   protection to transport layer headers to defend against injection
   attacks.

   tl;dr: at least with respect to metadata injection in the current
   Internet protocol stack, everything is ruined.
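As an added illustration of the abstract's closing recommendation (not code from the draft or its author): a toy integrity tag over TCP header fields that lets a receiver detect an in-band option rewrite by an on-path device, while tolerating a checksum rewrite. The header layout, the choice of covered fields (everything but the checksum), the truncated HMAC-SHA256 tag, the demo key and the injected option bytes are all constructed assumptions for this example.

```python
import hmac
import hashlib
import struct

# Constructed demo key; a real deployment would negotiate one per connection.
KEY = b"demo-key-not-for-production"


def build_tcp_header(src_port, dst_port, seq, ack, flags, window, options=b""):
    """Serialise a TCP header (RFC 793 layout) with checksum and urgent pointer
    zeroed. Options must already be padded to a multiple of 4 bytes."""
    assert len(options) % 4 == 0
    data_offset = (20 + len(options)) // 4          # header length in 32-bit words
    offset_flags = (data_offset << 12) | (flags & 0x1FF)
    base = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)
    return base + options


def set_checksum(header, checksum):
    """Return a copy of the header with the checksum field (bytes 16-17) replaced."""
    return header[:16] + struct.pack("!H", checksum) + header[18:]


def integrity_tag(key, header):
    """HMAC over every transport header byte except the checksum, which is derived
    from the covered bytes and is often rewritten in transit (assumed field choice)."""
    covered = set_checksum(header, 0)
    return hmac.new(key, covered, hashlib.sha256).digest()[:16]   # 128-bit tag


def verify_header(key, header, tag):
    """Constant-time check; False means some covered field changed on path."""
    return hmac.compare_digest(integrity_tag(key, header), tag)


def inject_metadata(header, option_bytes):
    """Simulate the in-band injection the abstract describes: an on-path device
    overwrites the trailing option padding with a same-length option carrying
    per-flow metadata, so lengths and the data offset stay unchanged."""
    assert len(option_bytes) % 4 == 0 and len(option_bytes) <= len(header) - 20
    return header[:len(header) - len(option_bytes)] + option_bytes


def demo():
    # Sender emits a SYN carrying four bytes of NOP padding (option kind 1).
    header = build_tcp_header(40000, 443, 0x1000, 0, 0x002, 65535, b"\x01\x01\x01\x01")
    tag = integrity_tag(KEY, header)
    rechecksummed = set_checksum(header, 0xBEEF)            # benign checksum rewrite
    # Constructed injected option: experimental kind 253, length 4, two metadata bytes.
    tampered = inject_metadata(header, b"\xfd\x04\x42\x43")
    return verify_header(KEY, rechecksummed, tag), verify_header(KEY, tampered, tag)
```

`demo()` returns `(True, False)`: the checksum-only change still verifies, the injected option does not. Whether ports and other fields rewritten by NATs could be covered in a real design is outside what this toy settles.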


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-trammell-privsec-defeating-tcpip-meta/

There's also an htmlized version available at:
https://tools.ietf.org/html/draft-trammell-privsec-defeating-tcpip-meta-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/