[OPSEC] IPv6 Neighbor Discovery Security (draft-gont-opsec-ipv6-nd-security-01.txt)
Fernando Gont <fgont@si6networks.com> Sat, 12 January 2013 00:24 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8BD121F8919 for <opsec@ietfa.amsl.com>; Fri, 11 Jan 2013 16:24:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level:
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FQo+NvxM9tgt for <opsec@ietfa.amsl.com>; Fri, 11 Jan 2013 16:24:06 -0800 (PST)
Received: from web01.jbserver.net (web01.jbserver.net [93.186.182.34]) by ietfa.amsl.com (Postfix) with ESMTP id C669A21F8888 for <opsec@ietf.org>; Fri, 11 Jan 2013 16:24:05 -0800 (PST)
Received: from [186.134.32.129] (helo=[192.168.123.123]) by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from <fgont@si6networks.com>) id 1TtosX-00030a-Li; Sat, 12 Jan 2013 01:23:18 +0100
Message-ID: <50F0ACF0.5080809@si6networks.com>
Date: Fri, 11 Jan 2013 21:23:12 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: "'opsec@ietf.org'" <opsec@ietf.org>
References: <20130111215008.22931.81394.idtracker@ietfa.amsl.com>
In-Reply-To: <20130111215008.22931.81394.idtracker@ietfa.amsl.com>
X-Enigmail-Version: 1.4.6
X-Forwarded-Message-Id: <20130111215008.22931.81394.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: [OPSEC] IPv6 Neighbor Discovery Security (draft-gont-opsec-ipv6-nd-security-01.txt)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jan 2013 00:24:06 -0000
Folks, We have published a revision of our IETF I-D entitled "Security Assessment of Neighbor Discovery (ND) for IPv6" (draft-gont-opsec-ipv6-nd-security-01) -- which is the first one that we are "socializing". The I-D is available at: <http://www.ietf.org/internet-drafts/draft-gont-opsec-ipv6-nd-security-01.txt>. This document follows the same spirit as RFC6274 (produced by opsec a couple of years ago) and is meant to improve the resiliency of IPv6 Neighbor Discovery implementations -- this time in a more timely fashion. ;-) Any comments will be welcome! P.S.: There are some comments that we received since version -00, but have not yet addressed (they are on my TODO list). Thanks! Best regards, Fernando -------- Original Message -------- From: internet-drafts@ietf.org To: fgont@si6networks.com Subject: New Version Notification for draft-gont-opsec-ipv6-nd-security-01.txt Date: Fri, 11 Jan 2013 13:50:08 -0800 A new version of I-D, draft-gont-opsec-ipv6-nd-security-01.txt has been successfully submitted by Fernando Gont and posted to the IETF repository. Filename: draft-gont-opsec-ipv6-nd-security Revision: 01 Title: Security Assessment of Neighbor Discovery (ND) for IPv6 Creation date: 2013-01-11 WG ID: Individual Submission Number of pages: 62 URL: http://www.ietf.org/internet-drafts/draft-gont-opsec-ipv6-nd-security-01.txt Status: http://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-nd-security Htmlized: http://tools.ietf.org/html/draft-gont-opsec-ipv6-nd-security-01 Diff: http://www.ietf.org/rfcdiff?url2=draft-gont-opsec-ipv6-nd-security-01 Abstract: Neighbor Discovery is one of the core protocols of the IPv6 suite, and provides in IPv6 similar functions to those provided in the IPv4 protocol suite by the Address Resolution Protocol (ARP) and the Internet Control Message Protocol (ICMP). Its increased flexibility implies a somewhat increased complexity, which has resulted in a number of bugs and vulnerabilities found in popular implementations. This document provides guidance in the implementation of Neighbor Discovery, and documents issues that have affected popular implementations, in the hopes that the same issues do not repeat in other implementations. The IETF Secretariat
- [OPSEC] IPv6 Neighbor Discovery Security (draft-g… Fernando Gont