Protocol Action: 'Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery' to Proposed Standard (draft-ietf-6man-nd-extension-headers-05.txt)
The IESG <iesg-secretary@ietf.org> Mon, 03 June 2013 19:29 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery' to Proposed Standard (draft-ietf-6man-nd-extension-headers-05.txt)
Message-ID: <20130603192307.17650.56927.idtracker@ietfa.amsl.com>
Date: Mon, 03 Jun 2013 12:23:07 -0700
Cc: 6man chair <6man-chairs@tools.ietf.org>, 6man mailing list <ipv6@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
The IESG has approved the following document:
- 'Security Implications of IPv6 Fragmentation with IPv6 Neighbor
   Discovery'
  (draft-ietf-6man-nd-extension-headers-05.txt) as Proposed Standard

This document is the product of the IPv6 Maintenance Working Group.

The IESG contact persons are Brian Haberman and Ted Lemon.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-6man-nd-extension-headers/

Technical Summary:

This document analyzes the security implications of using IPv6
Extension Headers with Neighbor Discovery (ND) messages. It updates
RFC 4861 such that use of the IPv6 Fragmentation Header is forbidden
in all Neighbor Discovery messages, thus allowing for simple and
effective counter-measures for Neighbor Discovery attacks. Finally,
it discusses the security implications of using IPv6 fragmentation
with SEcure Neighbor Discovery (SEND), and formally updates RFC 3971
to provide advice regarding how the aforementioned security
implications can be prevented.

Working Group Summary:

There is working support for this document. It has been discussed on
the mailing list and in face to face 6man sessions. The chairs did a
review that improved the quality of the document.

Document Quality:

No known implementations.

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

Bob Hinden, Document Shepherd
Brian Haberman, Internet AD

RFC Editor Note

OLD
   splitting the necessary information into multiple RA messages
NEW
   splitting the necessary information into multiple Router
   Advertisement (RA) messages

OLD
   options such as the CGA option
NEW
   options such as the Cryptographically Generated Address (CGA) option

OLD
   that would result in fragmented CPA messages.
NEW
   that would result in fragmented Certification Path Advertisement
   (CPA) messages.
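
The rule stated in the Technical Summary, as an added example that is not part of the IESG message or the draft: a Python check that walks the IPv6 extension header chain and flags a Neighbor Discovery message carrying a Fragment header. The function names and sample packets are constructed here; the ND message types 133 to 137 are those defined in RFC 4861.

```python
import struct

FRAGMENT, ICMPV6 = 44, 58            # IPv6 Next Header values
VARIABLE_EXT = {0, 43, 60}           # Hop-by-Hop, Routing, Destination Options
ND_TYPES = {133, 134, 135, 136, 137} # RS, RA, NS, NA, Redirect (RFC 4861)

def violates_nd_fragment_rule(packet: bytes) -> bool:
    """True if the packet is an ND message that carries a Fragment header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return False                 # not IPv6; outside this check
    next_header, offset, fragmented = packet[6], 40, False
    while next_header == FRAGMENT or next_header in VARIABLE_EXT:
        if len(packet) < offset + 8:
            return False             # truncated chain; left to other filters
        if next_header == FRAGMENT:
            fragmented = True
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return False         # non-first fragment: ICMPv6 header not visible
            step = 8
        else:
            step = 8 * (packet[offset + 1] + 1)
        next_header, offset = packet[offset], offset + step
    is_nd = (next_header == ICMPV6 and len(packet) > offset
             and packet[offset] in ND_TYPES)
    return is_nd and fragmented

# --- Constructed sample packets (ICMPv6 checksums left at zero, not validated) ---
def ipv6(next_header: int, payload: bytes) -> bytes:
    src = bytes.fromhex("fe80" + "00" * 13 + "01")   # fe80::1
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")   # ff02::1
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + src + dst + payload

def frag(next_header: int, frag_offset: int, more: int) -> bytes:
    return struct.pack("!BBHI", next_header, 0, (frag_offset << 3) | more, 0x1234)

def icmpv6(msg_type: int) -> bytes:
    return bytes([msg_type, 0, 0, 0]) + bytes(20)

DSTOPT_THEN_FRAG = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])  # PadN-only options header

SAMPLES = {
    "plain NS": ipv6(ICMPV6, icmpv6(135)),
    "fragmented NS": ipv6(FRAGMENT, frag(ICMPV6, 0, 1) + icmpv6(135)),
    "RA behind DstOpt + atomic fragment":
        ipv6(60, DSTOPT_THEN_FRAG + frag(ICMPV6, 0, 0) + icmpv6(134)),
    "fragmented echo request": ipv6(FRAGMENT, frag(ICMPV6, 0, 1) + icmpv6(128)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {'drop' if violates_nd_fragment_rule(pkt) else 'pass'}")
```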