Last Call: <draft-ietf-6man-nd-extension-headers-03.txt> (Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Tue, 15 January 2013 15:41 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Date: Tue, 15 Jan 2013 07:41:22 -0800
Cc: ipv6@ietf.org

The IESG has received a request from the IPv6 Maintenance WG (6man) to
consider the following document:
- 'Security Implications of IPv6 Fragmentation with IPv6 Neighbor
   Discovery'
  <draft-ietf-6man-nd-extension-headers-03.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2013-01-29. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract

   This document analyzes the security implications of employing IPv6
   fragmentation with Neighbor Discovery (ND) messages. It updates RFC
   4861 such that use of the IPv6 Fragmentation Header is forbidden in
   all Neighbor Discovery messages, thus allowing for simple and
   effective counter-measures for Neighbor Discovery attacks. Finally,
   it discusses the security implications of using IPv6 fragmentation
   with SEcure Neighbor Discovery (SEND), and formally updates RFC 3971
   to provide advice regarding how the aforementioned security
   implications can be prevented.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-6man-nd-extension-headers/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-6man-nd-extension-headers/ballot/

No IPR declarations have been submitted directly on this I-D.
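
An added example, not part of the announcement or the draft: a Python check of the kind the abstract calls a simple counter-measure, which walks the IPv6 header chain and flags any Neighbor Discovery message that arrives behind a Fragment Header. The names `classify`, `ipv6`, `frag` and `dstopt`, the three verdict strings and the sample packets are assumptions made for this example, and only the Hop-by-Hop, Routing, Destination Options and Fragment headers are walked.

```python
import struct

FRAGMENT, ICMPV6 = 44, 58
GENERIC_EXT = {0, 43, 60}              # Hop-by-Hop, Routing, Destination Options
ND_TYPES = {133, 134, 135, 136, 137}   # RS, RA, NS, NA, Redirect (RFC 4861)

def classify(packet: bytes) -> str:
    """Hypothetical receive-side check: 'drop', 'pass' or 'undetermined'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "undetermined"              # not a complete IPv6 header
    nh, off, fragmented = packet[6], 40, False
    while nh in GENERIC_EXT or nh == FRAGMENT:
        if off + 8 > len(packet):
            return "undetermined"          # header chain runs past the data
        if nh == FRAGMENT:
            fragmented = True
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return "undetermined"      # non-first fragment: no upper layer here
            nh, off = packet[off], off + 8
        else:
            nh, off = packet[off], off + (packet[off + 1] + 1) * 8
    if nh == ICMPV6 and off < len(packet) and packet[off] in ND_TYPES:
        return "drop" if fragmented else "pass"
    return "pass"                          # not Neighbor Discovery

# Constructed sample packets (zero addresses and checksums; not captures).
def ipv6(nh, payload):
    return struct.pack("!IHBB", 6 << 28, len(payload), nh, 255) + bytes(32) + payload

def frag(nh, offset, more):
    return struct.pack("!BBHI", nh, 0, (offset << 3) | more, 0x1234)

def dstopt(nh):
    return bytes([nh, 0, 1, 4, 0, 0, 0, 0])    # header carrying one PadN option

RA = bytes([134, 0]) + bytes(14)               # Router Advertisement, no options
ECHO = bytes([128, 0]) + bytes(6)              # Echo Request, for contrast

SAMPLES = {
    "plain RA": ipv6(ICMPV6, RA),
    "RA in first fragment": ipv6(FRAGMENT, frag(ICMPV6, 0, 1) + RA),
    "RA, dest opts + atomic fragment": ipv6(60, dstopt(FRAGMENT) + frag(ICMPV6, 0, 0) + RA),
    "later fragment": ipv6(FRAGMENT, frag(ICMPV6, 185, 0) + bytes(16)),
    "fragmented echo request": ipv6(FRAGMENT, frag(ICMPV6, 0, 1) + ECHO),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:34} {classify(pkt)}")
```

A later fragment is reported as `undetermined` because its upper-layer header is not visible; once the first fragment of a fragmented ND message is dropped, the remaining fragments can never be reassembled into a usable message.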