Re: Last Call: RFC 6346 successful: moving to Proposed Standard
Fernando Gont <fernando@gont.com.ar> Thu, 04 December 2014 11:00 UTC
Return-Path: <fernando@gont.com.ar>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75D1D1A0162; Thu, 4 Dec 2014 03:00:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iu2g5TVgO4fq; Thu, 4 Dec 2014 03:00:48 -0800 (PST)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91F231A0137; Thu, 4 Dec 2014 03:00:48 -0800 (PST)
Received: from 248-241-235-201.fibertel.com.ar ([201.235.241.248] helo=[192.168.3.107]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.84) (envelope-from <fernando@gont.com.ar>) id 1XwU9O-0004tq-0j; Thu, 04 Dec 2014 12:00:46 +0100
Message-ID: <54803EB2.4070405@gont.com.ar>
Date: Thu, 04 Dec 2014 08:00:02 -0300
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Mark Andrews <marka@isc.org>, Dan Wing <dwing@cisco.com>
Subject: Re: Last Call: RFC 6346 successful: moving to Proposed Standard
References: <20141201223832.20448.34524.idtracker@ietfa.amsl.com> <9450AE5B-9401-4E16-856E-FB6B45C3FAAD@cisco.com> <20141204013131.EEB8324D4756@rock.dv.isc.org>
In-Reply-To: <20141204013131.EEB8324D4756@rock.dv.isc.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/nPcevqd0hqc1gBasunnLP5ZSSiM
Cc: ietf@ietf.org, iesg@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Dec 2014 11:00:51 -0000
On 12/03/2014 10:31 PM, Mark Andrews wrote: > In message <9450AE5B-9401-4E16-856E-FB6B45C3FAAD@cisco.com>, =?utf-8?Q?=F0=9F=9 > 4=93Dan_Wing?= writes: >> RFC6346 reduces the space for TCP/UDP ports, which makes port-based = >> attacks against protocols easier, as was mentioned in RFC6056: =20 >> >> "It is also worth noting that, provided adequate algorithms are in >> use, the larger the range from which ephemeral ports are selected, >> the smaller the chances of an attacker are to guess the selected port >> number." >> >> The primary mitigation against the Kaminsky was port randomization and = >> attacks against other protocols may also need such port randomization. = >> If RFC6346 progresses to Proposed Standard, its impact to the size of = >> the port space should be noted in RFC6346bis's security considerations. >> >> -d > > And https://tools.ietf.org/html/draft-ietf-dnsop-cookies-00 removes > the need for port randomization once deployed. If you don't get a > cookie back then you can retry using a randomised port. > > And just so you know it is not vapour ware BIND 9.10 has a experimental > implementation sans the error code called SIT. We haven't yet > stopped randomizing the port but that is planned for. May I ask why would you want to do that? Thanks, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
- Re: Last Call: RFC 6346 successful: moving to Pro… Christian de Larrinaga
- Re: Last Call: RFC 6346 successful: moving to Pro… Bob Hinden
- Re: Last Call: RFC 6346 successful: moving to Pro… Dave Crocker
- Re: Last Call: RFC 6346 successful: moving to Pro… Ralph Droms
- Re: Last Call: RFC 6346 successful: moving to Pro… John Curran
- Re: Last Call: RFC 6346 successful: moving to Pro… Dave Cridland
- Re: Last Call: RFC 6346 successful: moving to Pro… Fred Baker (fred)
- Re: Last Call: RFC 6346 successful: moving to Pro… George Michaelson
- Re: Last Call: RFC 6346 successful: moving to Pro… 🔓Dan Wing
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… George Michaelson
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Brian E Carpenter
- Re: Last Call: RFC 6346 successful: moving to Pro… l.wood
- IPv6 Adoption Curve (was Re: Last Call: RFC 6346 … Dave Crocker
- Re: IPv6 Adoption Curve (was Re: Last Call: RFC 6… George Michaelson
- Re: Last Call: RFC 6346 successful: moving to Pro… Andrew Sullivan
- Re: IPv6 Adoption Curve (was Re: Last Call: RFC 6… Olivier MJ Crepin-Leblond
- Re: IPv6 Adoption Curve (was Re: Last Call: RFC 6… Randy Bush
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… Fernando Gont
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Ralph Droms
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Dave Crocker
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Andrew Sullivan
- Re: Last Call: RFC 6346 successful: moving to Pro… Eggert, Lars
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Andrew Sullivan
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Randy Bush
- Re: Last Call: RFC 6346 successful: moving to Pro… Bob Hinden
- Re: Last Call: RFC 6346 successful: moving to Pro… Phillip Hallam-Baker
- Re: Last Call: RFC 6346 successful: moving to Pro… George Michaelson
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… Phillip Hallam-Baker
- Re: Last Call: RFC 6346 successful: moving to Pro… Fernando Gont
- Re: Last Call: RFC 6346 successful: moving to Pro… 🔓Dan Wing
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… Phillip Hallam-Baker
- Re: Last Call: RFC 6346 successful: moving to Pro… Lee Howard
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Phillip Hallam-Baker
- Re: Last Call: RFC 6346 successful: moving to Pro… Doug Royer
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Doug Royer
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Doug Royer
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… Lee Howard
- Re: Last Call: RFC 6346 successful: moving to Pro… Phillip Hallam-Baker
- Re: Last Call: RFC 6346 successful: moving to Pro… Dave Crocker
- Re: Last Call: RFC 6346 successful: moving to Pro… heasley
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… Dave Crocker
- Re: Last Call: RFC 6346 successful: moving to Pro… Lee Howard
- Re: Last Call: RFC 6346 successful: moving to Pro… John Levine
- Re: [eX-bulk] : Re: Last Call: RFC 6346 successfu… Christopher LILJENSTOLPE
- Re: [eX-bulk] : Re: Last Call: RFC 6346 successfu… Christopher LILJENSTOLPE
- Re: Last Call: RFC 6346 successful: moving to Pro… Brian E Carpenter
- Re: Last Call: RFC 6346 successful: moving to Pro… James Woodyatt
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… John R Levine
- Re: Last Call: RFC 6346 successful: moving to Pro… Douglas Otis
- RE: Last Call: RFC 6346 successful: moving to Pro… Christian Huitema
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- RE: Last Call: RFC 6346 successful: moving to Pro… Christian Huitema
- Re: Last Call: RFC 6346 successful: moving to Pro… Ted Lemon
- Re: Last Call: RFC 6346 successful: moving to Pro… Stewart Bryant (stbryant)
- Re: Last Call: RFC 6346 successful: moving to Pro… heasley
- Re: Last Call: RFC 6346 successful: moving to Pro… heasley
- Re: Last Call: RFC 6346 successful: moving to Pro… Brian E Carpenter
- Re: Last Call: RFC 6346 successful: moving to Pro… Mark Andrews
- Re: Last Call: RFC 6346 successful: moving to Pro… 🔓Dan Wing
- Re: Last Call: RFC 6346 successful: moving to Pro… 🔓Dan Wing
- Re: Last Call: RFC 6346 successful: moving to Pro… Stewart Bryant