Re: 6MAN WG Last Call: draft-ietf-6man-predictable-fragment-id-01

[Fernando Gont <fgont@si6networks.com>]

On 12/09/2014 02:23 PM, 神明達哉 wrote:
> At Tue, 09 Dec 2014 06:22:49 -0300,
> Fernando Gont <fernando@gont.com.ar> wrote:
> 
>>> - Section 4:
>>>
>>>    The Identification value of the Fragment Header MUST NOT be
>>>    predictable by an off-path attacker.
>>>
>>>   'MUST NOT be predictable' sounds vague to me, especially with the
>>>   RFC2119 keyword.  I'm not sure if there's a precedent of the use of
>>>   this word with a normative keyword, but even if there's, I would
>>>   personally still like to see a clearer term here.
>>
>> FWIW, RFC6056 (port randomization) says:
>>
>>    Ephemeral port selection algorithms SHOULD obfuscate the selection of
>>    their ephemeral ports, since this helps to mitigate a number of
>>    attacks that depend on the attacker's ability to guess or know the
>>    five-tuple that identifies the transport-protocol instance to be
>>    attacked.
>>
>>
>> OTOH, RFC6528 (TCP SEQ randomization) says:
>>
>>    F() MUST NOT be computable from
>>    the outside, or an attacker could still guess at sequence numbers
>>    from the ISN used for some other connection.
>>
>> where F() is essentially the TCP SEQ generator..
> 
> By referring to these, do you mean you think the current text of the
> draft is good enough? (asking simply because I'm not sure about the
> intent).

No. I'm just noting how it was specified in other cases, to check if you
like those options better (FWIW, when you raised the issue, I wondered
myself "how did we specify this for...?")

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492