[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-manral-v6ops-tiny-fragments-issues-02.txt

To: vishwas@sinett.com
Subject: Re: Comments on draft-manral-v6ops-tiny-fragments-issues-02.txt
From: Fred Baker <fred@cisco.com>
Date: Tue, 6 Jun 2006 11:15:30 -0700
Authentication-results: sj-dkim-2.cisco.com; header.From=fred@cisco.com; dkim=pass ( sig from cisco.com verified; );
Cc: v6ops@ops.ietf.org, Elwyn Davies <elwynd@dial.pipex.com>, Pekka Savola <psavola@funet.fi>, Suresh Krishnan <suresh.krishnan@ericsson.com>
Dkim-signature: a=rsa-sha1; q=dns; l=930; t=1149617732; x=1150481732; c=relaxed/simple; s=sjdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fred@cisco.com; z=From:Fred=20Baker=20<fred@cisco.com> |Subject:Re=3A=20Comments=20on=20draft-manral-v6ops-tiny-fragments-issues-02.txt; X=v=3Dcisco.com=3B=20h=3DZnzTT03dQqU6ygBDzNg9ORaJtTo=3D; b=LB4j5UUhGbl9MXA/jmWDIG+1mDXBc4lpvRvuB/2Ki9oAq8YvH2wRgL56oivFmQYik7pUDNBy 8FJ6LU9QknkUzgsZ7Cyx1Ikw78edFqRwk+6W+3tvEIQBcYLragA/1Yng;
In-reply-to: <4485B6AC.1040709@ericsson.com>
References: <4485B6AC.1040709@ericsson.com>

Vishwas:

I have gotten some comments off-list, and some comments on.

The general consensus of what I'm hearing is that the draft isincomplete, but hits on a real problem, which is that of overlappingfragments resulting in a variety of attack. Your primary concern isnot that, however, it is the matter of the first fragment managing toenable a firewall to mis-apply a rule, allowing a packet to getthrough because the port number is in the second fragment.

The security overview document draft-ietf-v6ops-security-overview-04.txt, in sections 2.1.10 and 2.1.11, addressesfragmentation-related issues. The IESG has bounced that back with anumber of comments, and so there will need to be a new draft posted.I would suggest that you correspond with the authors, copied; Ibelieve that you will find that they are willing to make sure yourissues are covered in that draft.

Fred

Follow-Ups:
- Re: Comments on draft-manral-v6ops-tiny-fragments-issues-02.txt
  - From: "Vishwas Manral" <vishwas.ietf@gmail.com>

References:
- Comments on draft-manral-v6ops-tiny-fragments-issues-02.txt
  - From: Suresh Krishnan <suresh.krishnan@ericsson.com>

Prev by Date: Comments on draft-manral-v6ops-tiny-fragments-issues-02.txt
Next by Date: Re: Comments on draft-manral-v6ops-tiny-fragments-issues-02.txt
Previous by thread: Comments on draft-manral-v6ops-tiny-fragments-issues-02.txt
Next by thread: Re: Comments on draft-manral-v6ops-tiny-fragments-issues-02.txt
Index(es):
- Date
- Thread