IETF Logo Mail Archive

Re: Last Call: RFC 6346 successful: moving to Proposed Standard

🔓Dan Wing <dwing@cisco.com> Thu, 04 December 2014 00:58 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F09341A6F32; Wed, 3 Dec 2014 16:58:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.211
X-Spam-Level:
X-Spam-Status: No, score=-14.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mPQF6naatQG1; Wed, 3 Dec 2014 16:58:25 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED2881A6EE0; Wed, 3 Dec 2014 16:58:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1777; q=dns/txt; s=iport; t=1417654705; x=1418864305; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=6ABMrFh6/VrbSAygv5b8yIZFiNqQ2loQ/K2N5Ks6YO8=; b=a6RDbRAMiUoRreoC1FbNk/d16HftACd+o+zQLa7+n/n563YvEauTx2w3 +wLt3WdmohbT1j2InqkX6lhdfst+D5uewuGPAwdtqiFuYndg2W+5nTO6j sKpySqKoJFARWcVPs/vPw8Nf9JWXzcRqo9i5/OAJJAvqeAV5B7G7jz7tI w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ag0FAEOwf1StJA2B/2dsb2JhbABagwZSWMZehhUCgRUWAQEBAQF9hAMBAQMBOjQLEAtGRhEZiDUJDdZSAQEBAQEBAQMBAQEBAQEBAQEZjR2DFjMHFoMOgR4FilKJU4Y0gSI4gnWCTIx7ghCCCR4wgkUBAQE
X-IronPort-AV: E=Sophos;i="5.07,511,1413244800"; d="scan'208";a="374259637"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-1.cisco.com with ESMTP; 04 Dec 2014 00:58:24 +0000
Received: from [10.24.69.20] ([10.24.69.20]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id sB40wMMS021506 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 4 Dec 2014 00:58:23 GMT
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Subject: Re: Last Call: RFC 6346 successful: moving to Proposed Standard
From: 🔓Dan Wing <dwing@cisco.com>
In-Reply-To: <20141201223832.20448.34524.idtracker@ietfa.amsl.com>
Date: Wed, 03 Dec 2014 16:58:22 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <9450AE5B-9401-4E16-856E-FB6B45C3FAAD@cisco.com>
References: <20141201223832.20448.34524.idtracker@ietfa.amsl.com>
To: ietf@ietf.org
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/fxXY3VcOduC9Z8nKBVyHcOyTVeg
Cc: iesg@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Dec 2014 00:58:27 -0000

RFC6346 reduces the space for TCP/UDP ports, which makes port-based attacks against protocols easier, as was mentioned in RFC6056:  

  "It is also worth noting that, provided adequate algorithms are in
   use, the larger the range from which ephemeral ports are selected,
   the smaller the chances of an attacker are to guess the selected port
   number."

The primary mitigation against the Kaminsky was port randomization and attacks against other protocols may also need such port randomization.  If RFC6346 progresses to Proposed Standard, its impact to the size of the port space should be noted in RFC6346bis's security considerations.

-d


On Dec 1, 2014, at 2:38 PM, The IESG <iesg-secretary@ietf.org> wrote:

> 
> The IESG has received a request from an individual participant to make
> the following status changes:
> 
> - RFC6346 from Experimental to Proposed Standard
>    (The Address plus Port (A+P) Approach to the IPv4 Address Shortage)
> 
> The supporting document for this request can be found here:
> 
> http://datatracker.ietf.org/doc/status-change-address-plus-port-to-proposed/
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2014-12-29. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> The affected document can be obtained via
> http://datatracker.ietf.org/doc/rfc6346/
> 
> IESG discussion of this request can be tracked via
> http://datatracker.ietf.org/doc/status-change-address-plus-port-to-proposed/ballot/
> 
>

v2.23.0 | Report a Bug | By Email