Search RFCs
RFC 7739
Security Implications of Predictable Fragment Identification Values,February 2016
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7739
Discuss this RFC: Send questions or comments to the mailing listipv6@ietf.org
Other actions:Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7739
Abstract
IPv6 specifies the Fragment Header, which is employed for thefragmentation and reassembly mechanisms. The Fragment Headercontains an "Identification" field that, together with the IPv6Source Address and the IPv6 Destination Address of a packet,identifies fragments that correspond to the same original datagram,such that they can be reassembled together by the receiving host.The only requirement for setting the Identification field is that thecorresponding value must be different than that employed for anyother fragmented datagram sent recently with the same Source Addressand Destination Address. Some implementations use a simple globalcounter for setting the Identification field, thus leading topredictable Identification values. This document analyzes thesecurity implications of predictable Identification values, andprovides implementation guidance for setting the Identification fieldof the Fragment Header, such that the aforementioned securityimplications are mitigated.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.