RE: UDP+Fragmentation (was: "Deprecate")

"C. M. Heard" <heard@pobox.com> Mon, 19 August 2013 02:57 UTC

Date: Sun, 18 Aug 2013 19:57:37 -0700
From: "C. M. Heard" <heard@pobox.com>
To: IPv6 <ipv6@ietf.org>
Subject: RE: UDP+Fragmentation (was: "Deprecate")
In-Reply-To: <2134F8430051B64F815C691A62D983180E0E0D@XCH-BLV-504.nw.nos.boeing.com>
Message-ID: <Pine.LNX.4.64.1308181938420.15297@shell4.bayarea.net>

On Tue, 6 Aug 2013, Templin, Fred L wrote:
> One other thing for now is that Mike's proposal doesn't even
> address the attack vector that 'draft-bonica-6man-frag-deprecate'
> is concerned about. To address the tiny fragment concern, the
> protocol must ensure that tiny fragments cannot ever be created.

That is incorrect, or at least a red herring.

As draft-bonica-6man-frag-deprecate Section 2.3 points out, tiny 
IP-layer fragments are a problem because they can be crafted so that 
the L4 header, or a significant part thereof, does not appear in the 
initial IP fragment.

In the proposal I floated (or variants thereof, like a UDP 
replacement with a new protocol number) where L4 segments are used 
_instead_ of IP fragments that cannot happen, because the L4 header 
appears in front of _each_ segment -- just as with TCP.  Tiny 
transport layer _segments_ have not been identified as a problem.

//cmh
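The property under discussion, whether the initial IP fragment carries the complete L4 header, as an added example that is not part of this thread or of draft-bonica-6man-frag-deprecate: a small checker that walks an IPv6 fixed header plus an optional Fragment header and reports whether a first fragment exposes the full transport header (the thing an L4-segmented design gets for free, since every segment starts with its own header). All packets are constructed samples on documentation addresses; other extension headers are out of scope by assumption.

```python
import struct

IPV6_HDR_LEN = 40
NEXT_HDR_TCP, NEXT_HDR_UDP, NEXT_HDR_FRAGMENT = 6, 17, 44
# Bytes of upper-layer header a first fragment must carry to be inspectable.
L4_HDR_LEN = {NEXT_HDR_UDP: 8, NEXT_HDR_TCP: 20}


def first_fragment_carries_l4_header(pkt: bytes):
    """Return (is_first_or_unfragmented, l4_header_complete) for a raw IPv6 packet."""
    # Assumption: only the fixed header and an optional Fragment header are parsed.
    if len(pkt) < IPV6_HDR_LEN:
        raise ValueError("truncated IPv6 header")
    payload_len = struct.unpack("!H", pkt[4:6])[0]
    next_hdr, off, end = pkt[6], IPV6_HDR_LEN, IPV6_HDR_LEN + payload_len
    frag_offset = 0
    if next_hdr == NEXT_HDR_FRAGMENT:
        if len(pkt) < off + 8:
            raise ValueError("truncated Fragment header")
        next_hdr = pkt[off]
        # Offset is in 8-octet units in the top 13 bits; the low bit is the M flag.
        frag_offset = (struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3) * 8
        off += 8
    if frag_offset != 0:
        return (False, False)  # later fragment: no L4 header expected here
    available = min(len(pkt), end) - off
    return (True, available >= L4_HDR_LEN.get(next_hdr, 0))


def ipv6(next_hdr: int, payload: bytes) -> bytes:
    """Constructed IPv6 fixed header (2001:db8::1 -> 2001:db8::2) plus payload."""
    src = bytes.fromhex("20010db8" + "0" * 23 + "1")
    dst = bytes.fromhex("20010db8" + "0" * 23 + "2")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_hdr, 64) + src + dst + payload


def fragment_hdr(next_hdr: int, offset_bytes: int, more: bool, ident: int) -> bytes:
    return struct.pack("!BBHI", next_hdr, 0, ((offset_bytes // 8) << 3) | int(more), ident)


# Constructed samples: a 20-byte TCP SYN header and an 8-byte UDP header.
TCP_HDR = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
UDP_HDR = struct.pack("!HHHH", 40000, 53, 8 + 12, 0)
TINY_FIRST_FRAG = ipv6(NEXT_HDR_FRAGMENT, fragment_hdr(NEXT_HDR_TCP, 0, True, 1) + TCP_HDR[:16])
FULL_FIRST_FRAG = ipv6(NEXT_HDR_FRAGMENT, fragment_hdr(NEXT_HDR_TCP, 0, True, 2) + TCP_HDR + b"x" * 4)
LATER_FRAG = ipv6(NEXT_HDR_FRAGMENT, fragment_hdr(NEXT_HDR_TCP, 16, False, 1) + TCP_HDR[16:] + b"y" * 4)
UNFRAGMENTED_UDP = ipv6(NEXT_HDR_UDP, UDP_HDR + b"z" * 12)
```

The tiny first fragment carries only 16 of the 20 TCP header bytes, so the flags are not visible to a filter looking at that fragment alone; the unfragmented UDP datagram and the full first fragment both pass.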