1 / 6

Teredo Security Updates

Teredo Security Updates. draft-krishnan-v6ops-teredo-update-01.txt Suresh Krishnan & Jim Hoagland v6ops@IETF70. Scope. Standards track document Update the base Teredo spec to reduce the guessability of Teredo addresses Split out from the original Teredo security concerns draft

lara-mays
Download Presentation

Teredo Security Updates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Teredo Security Updates draft-krishnan-v6ops-teredo-update-01.txt Suresh Krishnan & Jim Hoagland v6ops@IETF70

  2. Scope • Standards track document • Update the base Teredo spec to reduce the guessability of Teredo addresses • Split out from the original Teredo security concerns draft • Security considerations section that updates the SecCons of RFC4380.

  3. Changes • The flags field is modified as Teredo as follows • Randomize flags • Reduces predictability of addresses by using 12 random bits instead of 12 zero bits • Deprecate Cone bit • The cone-bit divulges the security posture of the network. Avoid this • The new redefined flags field looks like this

  4. Backward compatibility • Vista implementation of Teredo already randomizes the previously zero flag bits • Other implementations need to be updated if they need the reduced predictability • All implementations need to be modified to set the Cone bit to 0 • No interoperability issues between modified and unmodified clients

  5. Further steps • Questions? • Accept as wg item? • Appropriate venue

  6. Address Format +-------------+-------------+-------+------+-------------+ | Prefix | Server IPv4 | Flags | Port | Client IPv4 | +-------------+-------------+-------+------+-------------+

More Related