<?xml version="1.0"encoding="US-ASCII"?>encoding="UTF-8"?> <!DOCTYPE rfcSYSTEM "rfc2629.dtd"[ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]><?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?><!-- used by XSLT processors --> <!-- OPTIONS, known as processing instructions (PIs) go here. --><?rfc toc="yes" ?> <?rfc symrefs="yes" ?> <?rfc strict="no" ?><rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="bcp" consensus="true" docName="draft-gont-numeric-ids-sec-considerations-11" number="9416" ipr="trust200902"updates="3552">updates="3552" obsoletes="" xml:lang="en" tocInclude="true" symRefs="true" sortRefs="true" version="3"> <!-- xml2rfc v2v3 conversion 3.16.0 --> <front> <title abbrev="Security Considerations for IDs">Security Considerations for Transient Numeric Identifiers Employed in Network Protocols</title> <seriesInfo name="RFC" value="9416"/> <seriesInfo name="BCP" value="72"/> <author fullname="Fernando Gont" initials="F." surname="Gont"> <organization abbrev="SI6 Networks">SI6 Networks</organization> <address> <postal> <street>Segurola y Habana 4310 7mo piso</street> <city>Ciudad Autonoma de Buenos Aires</city><region>Buenos Aires</region><country>Argentina</country> </postal><!-- <phone>+54 11 4650 8472</phone> --><email>fgont@si6networks.com</email> <uri>https://www.si6networks.com</uri> </address> </author> <author fullname="Ivan Arce" initials="I." surname="Arce"> <organization abbrev="Quarkslab">Quarkslab</organization> <address> <postal> <street>Segurola y Habana 4310 7mo piso</street> <city>Ciudad Autonoma de Buenos Aires</city><region>Buenos Aires</region><country>Argentina</country> </postal> <email>iarce@quarkslab.com</email> <uri>https://www.quarkslab.com</uri> </address> </author><date/> <!-- <area>Internet</area> <workgroup>Dynamic Host Configuration (dhc)</workgroup> --> <!-- <area/> --> <!-- <workgroup/> --><date year="2023" month="July"/> <area>sec</area> <keyword>security</keyword> <keyword>vulnerability</keyword> <keyword>algorithm</keyword> <keyword>attack</keyword> <keyword>fingerprinting</keyword> <abstract> <t> Poor selection of transient numerical identifiers in protocols such as the TCP/IP suite has historically led to a number of attacks on implementations, ranging from Denial of Service (DoS)toor data injectionandto informationleakageleakages that can be exploited by pervasive monitoring. Due diligence in the specification of transient numeric identifiers is required even when cryptographic techniques are employed, since these techniques might not mitigate all the associated issues. This document formally updates RFC 3552, incorporating requirements for transient numeric identifiers, to prevent flaws in future protocols and implementations. </t> </abstract> </front> <middle> <sectiontitle="Introduction" anchor="intro">anchor="intro" numbered="true" toc="default"> <name>Introduction</name> <t>NetworkNetworking protocols employ a variety of transient numeric identifiers for different protocolentities, ranging from DNS Transaction IDs (TxIDs) to transport protocol numbers (e.g. TCP ports) orobjects, such as IPv4 and IPv6 Identification values <xref target="RFC0791" format="default"/> <xref target="RFC8200" format="default"/>, IPv6 Interface Identifiers(IIDs).(IIDs) <xref target="RFC4291" format="default"/>, transport-protocol ephemeral port numbers <xref target="RFC6056" format="default"/>, TCP Initial Sequence Numbers (ISNs) <xref target="RFC9293" format="default"/>, NTP Reference IDs (REFIDs) <xref target="RFC5905" format="default"/>, and DNS IDs <xref target="RFC1035" format="default"/>. These identifiersusuallytypically have specificpropertiesrequirements (e.g., uniqueness during a specified period of time) that must be satisfied such that they do not result in negative interoperabilityimplications (e.g., uniqueness during a specified period of time),implications, and an associated failure severity when suchpropertiesrequirements are notmet. </t> <t>The TCP/IP protocol suite alone hasmet <xref target="RFC9415" format="default"/>.</t> <aside> <t>NOTE: Some documents refer to the DNS ID as the DNS "Query ID" or "TxID".</t> </aside> <t>For more than 30 years, a large number of implementations of IETF protocols have been subject to a variety ofattacks on its transient numeric identifiers over the past 30 years or more,attacks, with effects ranging from Denial of Service (DoS) or datainjection,injection to informationleakageleakages that could be exploited for pervasive monitoring <xreftarget="RFC7258"/>.target="RFC7258" format="default"/>. The root cause of these issues has been, in many cases, the poor selection of transient numeric identifiers in such protocols, usually as a result of insufficient or misleading specifications. While it is generally trivial to identify an algorithm that can satisfy the interoperability requirementsforof a given transient numeric identifier,there exists practicalempirical evidence<xref target="I-D.irtf-pearg-numeric-ids-history"/>exists that doing so without negatively affecting the security and/or privacy properties of the aforementioned protocols is prone toerror.</t>error <xref target="RFC9414" format="default"/>.</t> <t>For example, implementations have been subject to security and/or privacy issues resultingfrom: <list style="symbols"> <t>Predictable TCP sequence numbers (see e.g.from:</t> <ul spacing="normal"> <li>predictable IPv4 or IPv6 Identification values (e.g., see <xreftarget="Morris1985"/>,target="Sanfilippo1998a" format="default"/>, <xreftarget="Bellovin1989"/>,target="RFC6274" format="default"/>, and <xreftarget="RFC6528"/>)</t> <t>Predictable transport protocoltarget="RFC7739" format="default"/>),</li> <li>predictable IPv6 IIDs (e.g., see <xref target="RFC7217" format="default"/>, <xref target="RFC7707" format="default"/>, and <xref target="RFC7721" format="default"/>),</li> <li>predictable transport-protocol ephemeral port numbers(see e.g.(e.g., see <xreftarget="Silbersack2005"/>target="RFC6056" format="default"/> and <xreftarget="RFC6056"/>)</t> <t>Predictable IPv4 or IPv6 Fragment Identifiers (see e.g.target="Silbersack2005" format="default"/>),</li> <li>predictable TCP Initial Sequence Numbers (ISNs) (e.g., see <xreftarget="Sanfilippo1998a"/>,target="Morris1985" format="default"/>, <xreftarget="RFC6274"/>,target="Bellovin1989" format="default"/>, and <xreftarget="RFC7739"/>)</t> <t>Predictable IPv6 IIDs (see e.g. <xref target="RFC7217"/>,target="RFC6528" format="default"/>),</li> <li>predictable initial timestamps in TCP timestamps options (e.g., see <xreftarget="RFC7707"/>,target="TCPT-uptime" format="default"/> and <xreftarget="RFC7721"/>)</t> <t>Predictabletarget="RFC7323" format="default"/>), and</li> <li>predictable DNSTxIDs (see e.g.IDs (see, e.g., <xreftarget="Schuba1993"/>target="Schuba1993" format="default"/> and <xreftarget="Klein2007"/>)</t> </list>target="Klein2007" format="default"/>).</li> </ul> <t> Recent history indicatesthatthat, when new protocols are standardized or new protocol implementations are produced, the security and privacy properties of the associated transient numeric identifiers tend to beoverlookedoverlooked, and inappropriate algorithms to generate such identifiers are either suggested in thespecificationspecifications or selected by implementers. As a result, advice in this area is warranted. </t> <t>We note that the use of cryptographic techniques for confidentiality and authentication might not eliminate all the issues associated with predictable transient numeric identifiers. Therefore, due diligence in the specification of transient numeric identifiers is required even when cryptographic techniques are employed.<list style="hanging"> <t hangText="Note:"> <vspace blankLines="0" />For</t> <aside><t>NOTE: For example, cryptographic authentication can readily mitigate data injection attacks even in the presence of predictable transient numeric identifiers (such as "sequence numbers"). However, use of flawed algorithms (such as global counters) for generating transient numeric identifiers could still result in information leakages even when cryptographic techniques are employed. These information leakages could in turn be leveraged to perform other devastating attacks (please see <xreftarget="I-D.irtf-pearg-numeric-ids-generation"/>target="RFC9415" format="default"/> for further details).</t> </list> </t></t></aside> <t><xreftarget="issues"/>target="issues" format="default"/> provides an overview of common flaws in the specification of transient numeric identifiers. <xreftarget="vulns"/>target="vulns" format="default"/> provides an overview of common flaws in theimplicationsgeneration ofpredictabletransient numericidentifiers.identifiers and their associated security and privacy implications. Finally, <xreftarget="reqs"/>target="reqs" format="default"/> provides key guidelines for protocol designers. </t> </section> <sectiontitle="Terminology" anchor="terminology"> <t> <list style="hanging"> <t hangText="Transientanchor="terminology" numbered="true" toc="default"> <name>Terminology</name> <dl newline="true" spacing="normal"> <dt>Transient NumericIdentifier:"> <vspace blankLines="0" />AIdentifier:</dt> <dd>A data object in a protocol specification that can be used to definitely distinguish a protocol object (a datagram, network interface,transport protocoltransport-protocol endpoint, session, etc.) from all other objects of the same type, in a given context. Transient numeric identifiers are usually defined as a series ofbits,bits and represented using integer values. These identifiers are typically dynamically selected, as opposed tostatically-assignedstatically assigned numeric identifiers(see e.g.(e.g., see <xreftarget="IANA-PROT"/>).target="IANA-PROT" format="default"/>). We note that different transient numeric identifiers may have additional requirements or properties depending on their specific use in a protocol. We use the term "transient numeric identifier" (or simply "numeric identifier" or "identifier" as short forms) as a generic term to refer to any data object in a protocol specification that satisfies the identification property stated above.</t> <t hangText="Failure Severity:"> <vspace blankLines="0" />The</dd> <dt>Failure Severity:</dt> <dd>The interoperability consequences of a failure to comply with the interoperability requirements of a given identifier. Severity considers the worst potential consequence of a failure, determined by the system damage and/or time lost to repair the failure. In thisdocumentdocument, we define two types of failure severity: "soft" and "hard".</t> <t hangText="Hard Failure:"> <vspace blankLines="0" />A hard failure</dd> <dt>Soft Failure:</dt> <dd>A recoverable condition in which a protocol does not operate in the prescribed manner but normal operation can be resumed automatically in a short period of time. For example, a simple packet-loss event that is subsequently recovered with a retransmission can be considered a soft failure. </dd> <dt>Hard Failure:</dt> <dd>A non-recoverable condition in which a protocol does not operate in the prescribed manner or it operates with excessive degradation of service. For example, an established TCP connection that is aborted due to an error condition constitutes, from the point of view of the transport protocol, a hard failure, since it enters a state from which normal operation cannot be recovered.</t> <t hangText="Soft Failure:"> <vspace blankLines="0" />A soft failure is a recoverable condition in which a protocol does not operate in the prescribed manner but normal operation can be resumed automatically in a short period of time. For example, a simple packet-loss event that is subsequently recovered with a retransmission can be considered a soft failure. </t> </list> </t></dd> </dl> <t>The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xreftarget='RFC2119' />target="RFC2119" format="default"/> <xreftarget='RFC8174' />target="RFC8174" format="default"/> when, and only when, they appear in all capitals, as shown here. </t> </section> <sectiontitle="Issuesanchor="issues" numbered="true" toc="default"> <name>Issues with the Specification of Transient NumericIdentifiers" anchor="issues"> <t>A recent survey ofIdentifiers</name> <t>Recent work on transient numeric identifier usage in protocol specifications and implementations <xreftarget="I-D.irtf-pearg-numeric-ids-history"/>target="RFC9414" format="default"/> <xref target="RFC9415" format="default"/> revealed that most of the issues discussed in this document arise as a result of one of the following conditions:<list style="symbols"> <t>Protocol</t> <ul spacing="normal"> <li>protocol specifications thatunder-specify the requirements forunder specify theiridentifiers</t> <t>Protocoltransient numeric identifiers</li> <li>protocol specifications thatover-specifyover specify theiridentifiers</t> <t>Protocoltransient numeric identifiers</li> <li>protocol implementations that simply fail to comply with the specifiedrequirements</t> </list> </t>requirements</li> </ul> <t>Bothunder-specifyingunder specifying andover-specifyingover specifying transient numeric identifiers is hazardous. TCPport numbers and sequence numberslocal ports <xreftarget="RFC0793"/> andtarget="RFC0793" format="default"/>, as well as DNSTxIDIDs <xreftarget="RFC1035"/>target="RFC1035" format="default"/>, were originallyunder-specified,under specified, leading to implementations thatusedresulted in predictable values and thus were vulnerable to numerous off-path attacks.Over-specification,Over specification, as for IPv6 Interface Identifiers (IIDs) <xreftarget="RFC4291"/>target="RFC4291" format="default"/> andFragmentIPv6 Identification values <xreftarget="RFC2460"/>,target="RFC2460" format="default"/>, left implementations unable to respond to security and privacy issues stemming from the mandated or recommended algorithms -- IPv6 IIDs need not expose privacy-sensitive link-layer addresses, and predictable IPv6 FragmentIdentifiersHeader Identification values invite the same off-path attacks that plague TCP.</t> <t>Finally, there are protocol implementations that simply fail to comply with existing protocol specifications. That is, appropriate guidance is provided by the protocol specification (whether it be the core specification or an update to it), but an implementation simply fails to follow such guidance. For example, some popular operating systems still fail to implement transport-protocol port randomization, as specified in <xreftarget="RFC6056"/>.</t>target="RFC6056" format="default"/>.</t> <t>Clear specification of the interoperability requirements for the transient numeric identifiers will help identify possible algorithms that could be employed to generatethem,them and also make evident if such identifiers are beingover-specified.over specified. A protocol specification will usually also benefit from a vulnerability assessment of the transient numeric identifiers theyspecify,specify to prevent the corresponding considerations from being overlooked. </t> </section> <sectiontitle="Commonanchor="vulns" numbered="true" toc="default"> <name>Common Flaws in the Generation of Transient NumericIdentifiers" anchor="vulns">Identifiers</name> <t>This section briefly notes common flaws associated with the generation of transient numeric identifiers. Such common flaws include, but are not limited to:<list style="symbols"> <t>Employing</t> <ul spacing="normal"> <li>employing trivial algorithms(e.g.(e.g., global counters) that result in predictableidentifiers</t> <t>Employingidentifiers,</li> <li>employing the same identifier across contexts in which constancy is notrequired</t> <t>Re-usingrequired,</li> <li>reusing identifiers across different protocols or layers of the protocolstack</t> <t>Initializingstack,</li> <li>initializing counters or timers to constantvalues,values when such initialization is notrequired</t> <t>Employingrequired,</li> <li>employing the same increment space across differentcontexts</t> <t>Usecontexts, and</li> <li>use of flawedpseudo-random number generators (PRNGs).</t> </list> </t>Pseudorandom Number Generators (PRNGs).</li> </ul> <t> Employing trivial algorithms for generating the identifiers means that any node that is able to sample such identifiers can easily predict future identifiers employed by the victim node.</t> <t> When one identifier is employed across contexts where such constancy is not needed, activity correlation is made possible. For example, employing an identifier that is constant across networks allows for node tracking across networks. </t> <t>Re-usingReusing identifiers across different layers or protocols ties the security and privacy properties of the protocolre-usingreusing the identifier to the security and privacy properties of the original identifier (over which the protocolre-usingreusing the identifier may have no control regarding its generation). Besides, whenre-usingreusing an identifier across protocols from different layers, the goal of isolating the properties of a layer fromthatthose of another layer is broken, and the vulnerability assessment may be harder toperform,perform since the combined system, rather than each protocol inisolationisolation, will have to be assessed. </t> <t> At times, a protocol needs to convey order information (whether it be sequence, timing, etc.). In many cases, there is no reason for the corresponding counter or timer to be initialized to any specificvalue e.g.value, e.g., at system bootstrap. Similarly, there may not be a need for the difference between successivecountedcounter values to beapredictable. </t> <t> A node that implements a per-context linear function may share the increment space among different contexts (please see the "SimpleHash-BasedPRF-Based Algorithm" section in <xreftarget="I-D.irtf-pearg-numeric-ids-generation"/>).target="RFC9415" format="default"/>). Sharing the same increment space allows an attacker that can sample identifiers in other contextto e.g.to, e.g., learn how many identifiers have been generated between two sampled values. </t> <t>Finally, some implementations have been found to employ flawed PRNGs(see e.g.(e.g., see <xreftarget="Klein2007"/>).</t>target="Klein2007" format="default"/>).</t> </section> <sectiontitle="Requirementsanchor="reqs" numbered="true" toc="default"> <name>Requirements for Transient NumericIdentifiers" anchor="reqs">Identifiers</name> <t>Protocol specifications that employ transient numeric identifiersMUST<bcp14>MUST</bcp14> explicitly specify the interoperability requirements for the aforementioned transient numeric identifiers (e.g., required properties such as uniqueness, along with the failure severity if suchpropertiesrequirements are not met). </t> <t>A vulnerability assessment of the aforementioned transient numeric identifiersMUST<bcp14>MUST</bcp14> be performed as part of the specification process. Such vulnerability assessment should cover, at least, spoofing, tampering, repudiation, information disclosure,denial of service,DoS, and elevation of privilege.<list style="hanging"> <t> Note: Section 8</t> <aside><t>NOTE: Sections <xref target="RFC9415" section="8" sectionFormat="bare" format="default"/> andSection 9<xref target="RFC9415" section="9" sectionFormat="bare" format="default"/> of <xreftarget="I-D.irtf-pearg-numeric-ids-generation"/>target="RFC9415" format="default"/> provide a general vulnerability assessment of transient numeric identifiers, along with a vulnerability assessment of common algorithms for generating transient numeric identifiers. Please see <xreftarget="Shostack2014"/>target="Shostack2014" format="default"/> for further guidance on threatmodelling. </t> </list> </t>modeling. </t></aside> <t>Protocol specificationsSHOULD NOT<bcp14>SHOULD NOT</bcp14> employ predictable transient numeric identifiers, except when such predictability is the result of their interoperability requirements. </t> <t>Protocol specifications that employ transient numeric identifiersSHOULD<bcp14>SHOULD</bcp14> recommend an algorithm for generating the aforementioned transient numeric identifiers that mitigates the vulnerabilities identified in the previous step, such as those discussed in <xreftarget="I-D.irtf-pearg-numeric-ids-generation"/>.</t>target="RFC9415" format="default"/>.</t> <t> As discussed in <xreftarget="intro"/>,target="intro" format="default"/>, use of cryptographic techniques for confidentiality and authentication might not eliminate all the issues associated with predictable transient numeric identifiers. Therefore, the advice from this sectionMUST<bcp14>MUST</bcp14> still be applied for cases where cryptographic techniquesare employedfor confidentiality or authenticationof the associated transient numeric identifiers.are employed. </t> </section> <sectiontitle="IANA Considerations" anchor="iana-considerations"> <t>There areanchor="iana-considerations" numbered="true" toc="default"> <name>IANA Considerations</name> <t>This document has no IANAregistries within this document. </t>actions.</t> </section> <sectiontitle="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t>This entire document is about the security and privacy implications of transient numericidentifiers,identifiers and formally updates <xreftarget="RFC3552"/>target="RFC3552" format="default"/> such that the security and privacy implications of transient numeric identifiers are addressed when writing the "Security Considerations" section of future RFCs. </t> </section><section title="Acknowledgements"> <t>The authors would like to thank Bernard Aboba, Brian Carpenter, Roman Danyliw, Theo de Raadt, Lars Eggert, Russ Housley, Benjamin Kaduk, Charlie Kaufman, Erik Kline, Alvaro Retana, Joe Touch, Michael Tuexen, Robert Wilton, and Paul Wouters, for providing valuable comments on earlier versions of this document.</t> <t>The authors would like to thank (in alphabetical order) Steven Bellovin, Joseph Lorenzo Hall, Gre Norcie, for providing valuable comments on <xref target="I-D.gont-predictable-numeric-ids"/> , on which the present document is based.</t> <t>The authors would like to thank Diego Armando Maradona for his magic and inspiration.</t> </section></middle> <back><references title='Normative References'> <?rfc include="reference.RFC.2119" ?> <?rfc include="reference.RFC.8174" ?> <!-- Sec Cons --> <?rfc include="reference.RFC.3552" ?> <!-- <?rfc include="reference.RFC.4086" ?> --> <!-- <?rfc include="reference.RFC.6151" ?> <?rfc include="reference.RFC.7098" ?> --><displayreference target="I-D.gont-predictable-numeric-ids" to="PREDICTABLE-NUMERIC-IDS"/> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3552.xml"/> </references><references title='Informative References'> <!-- IPv6 IIDs --> <?rfc include="reference.RFC.7721" ?> <?rfc include="reference.RFC.7217" ?> <?rfc include="reference.RFC.7707" ?> <!-- Frag IDs --> <?rfc include="reference.RFC.6274" ?> <?rfc include="reference.RFC.7739" ?><references> <name>Informative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7721.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7217.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7707.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6274.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7739.xml"/> <reference anchor="Sanfilippo1998a" target="https://seclists.org/bugtraq/1998/Dec/48"> <front> <title>about the ip header id</title> <author initials="S." surname="Sanfilippo"fullname="S.fullname="Salvatore Sanfilippo"><organization></organization><organization/> </author><date/><date month="December" year="1998"/> </front><seriesInfo name="Post<refcontent>message to the Bugtraqmailing-list," value="Mon Dec 14 1998" />mailing list</refcontent> </reference><!-- TCP sequence numbers --> <?rfc include="reference.RFC.0793" ?> <?rfc include="reference.RFC.6528" ?> <!-- TCP SEQ randomization --><xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.0793.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6528.xml"/> <reference anchor="Bellovin1989" target="https://www.cs.columbia.edu/~smb/papers/ipext.pdf"> <front> <title>Security Problems in the TCP/IP Protocol Suite</title> <author initials="S." surname="Bellovin"fullname="Bellovin"> <organization></organization>fullname="S. M. Bellovin"> <organization/> </author> <dateyear="Computermonth="April" year="1989"/> </front> <refcontent>Computer Communications Review, vol. 19, no. 2, pp.32-48, 1989"/> </front>32-48</refcontent> </reference> <reference anchor="Morris1985" target="https://pdos.csail.mit.edu/~rtm/papers/117.pdf"> <front> <title>A Weakness in the 4.2BSD UNIX TCP/IP Software</title> <author initials="R." surname="Morris" fullname="Robert Morris"><organization></organization><organization/> </author> <dateyear="1985"/>year="1985" month="February"/> </front><seriesInfo name="CSTR 117," value="AT&T<refcontent>CSTR 117, AT&T Bell Laboratories, Murray Hill,NJ"/>NJ</refcontent> </reference><!-- IPv6 --> <?rfc include="reference.RFC.2460" ?> <!-- Port randomization --> <?rfc include="reference.RFC.6056" ?><xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2460.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6056.xml"/> <reference anchor="Silbersack2005"target="http://www.silby.com/eurobsdcon05/eurobsdcon_silbersack.pdff">target="http://www.silby.com/eurobsdcon05/eurobsdcon_silbersack.pdf"> <front> <title>Improving TCP/IP security through randomization without sacrificing interoperability</title> <authorinitials="M.J."initials="M." surname="Silbersack" fullname="Michael James Silbersack"> <organization>The FreeBSD Project</organization> </author> <dateyear="2005"/>year="2005" month="January"/> </front><seriesInfo name="EuroBSDCon 2005" value="Conference"/><refcontent>EuroBSDCon 2005 Conference</refcontent> </reference><?rfc include="reference.I-D.gont-predictable-numeric-ids" ?> <!-- <?rfc include="reference.RFC.1321" ?> --> <!-- Pervasive Monitoring --> <?rfc include="reference.RFC.7258" ?> <!-- DNS --> <?rfc include="reference.RFC.1035" ?> <!-- IPv6 addresses --> <?rfc include="reference.RFC.4291" ?> <!-- PNRG --><xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.gont-predictable-numeric-ids.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7323.xml"/> <reference anchor="TCPT-uptime" target="https://seclists.org/bugtraq/2001/Mar/182"> <front> <title>TCP Timestamping - Obtaining System Uptime Remotely</title> <author initials="B." surname="McDanel" fullname="Bret McDanel"> <organization>Securiteam</organization> </author> <date month="March" year="2001"/> </front> <refcontent>message to the Bugtraq mailing list</refcontent> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7258.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1035.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4291.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.0791.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5905.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8200.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9293.xml"/> <reference anchor="Klein2007" target="https://dl.packetstormsecurity.net/papers/attack/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"> <front> <title>OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability</title> <author initials="A." surname="Klein" fullname="Amit Klein"> <organization>Trusteer</organization> </author> <dateyear="2007"/>year="2007" month="October"/> </front> </reference> <reference anchor="Schuba1993" target="http://ftp.cerias.purdue.edu/pub/papers/christoph-schuba/schuba-DNS-msthesis.pdf"> <front><title>ADDRESSING WEAKNESSES IN THE DOMAIN NAME SYSTEM PROTOCOL</title><title>Addressing Weakness in the Domain Name System Protocol</title> <author initials="C." surname="Schuba" fullname="Christoph Schuba"><organization></organization><organization/> </author> <dateyear="1993"/>year="1993" month="August"/> </front> </reference> <reference anchor="Shostack2014"> <front> <title>Threat Modeling: Designing for Security</title> <author initials="A." surname="Shostack" fullname="Adam Shostack"><organization></organization><organization/> </author> <date year="2014" month="February"/> </front> <refcontent>Wiley, 1st edition</refcontent> </reference> <reference anchor='RFC9414' target='https://www.rfc-editor.org/info/rfc9414'> <front> <title>Unfortunate History of Transient Numeric Identifiers</title> <author initials='F' surname='Gont' fullname='Fernando Gont'> <organization /> </author> <author initials='I' surname='Arce' fullname='Ivan Arce'> <organization /> </author> <date year='2023' month='July'/> </front> <seriesInfo name="RFC" value="9414"/> <seriesInfo name="DOI" value="10.17487/RFC9414"/> </reference> <reference anchor='RFC9415' target='https://www.rfc-editor.org/info/rfc941v'> <front> <title>On the Generation of Transient Numeric Identifiers</title> <author initials='F' surname='Gont' fullname='Fernando Gont'> <organization /> </author> <author initials='I' surname='Arce' fullname='Ivan Arce'> <organization /> </author> <dateyear="2014"/>year='2023' month='July'/> </front> <seriesInfoname="Wiley, " value="1st edition"/>name="RFC" value="9415"/> <seriesInfo name="DOI" value="10.17487/RFC9415"/> </reference><?rfc include="reference.I-D.irtf-pearg-numeric-ids-history" ?> <?rfc include="reference.I-D.irtf-pearg-numeric-ids-generation" ?><reference anchor="IANA-PROT" target="https://www.iana.org/protocols"> <front> <title>Protocol Registries</title><author initials="" surname="IANA" fullname="IANA"> <organization></organization><author> <organization>IANA</organization> </author><date/></front><!-- <seriesInfo name="" value="Federal Information Processing Standards Publication 180-4"/> --></reference> </references> </references> <section numbered="false" toc="default"> <name>Acknowledgements</name> <t>The authors would like to thank (in alphabetical order) <contact fullname="Bernard Aboba"/>, <contact fullname="Brian Carpenter"/>, <contact fullname="Roman Danyliw"/>, <contact fullname="Theo de Raadt"/>, <contact fullname="Lars Eggert"/>, <contact fullname="Russ Housley"/>, <contact fullname="Benjamin Kaduk"/>, <contact fullname="Charlie Kaufman"/>, <contact fullname="Erik Kline"/>, <contact fullname="Alvaro Retana"/>, <contact fullname="Joe Touch"/>, <contact fullname="Michael Tüxen"/>, <contact fullname="Robert Wilton"/>, and <contact fullname="Paul Wouters"/> for providing valuable comments on draft versions of this document.</t> <t>The authors would like to thank (in alphabetical order) <contact fullname="Steven Bellovin"/>, <contact fullname="Joseph Lorenzo Hall"/>, and <contact fullname="Gre Norcie"/> for providing valuable comments on <xref target="I-D.gont-predictable-numeric-ids" format="default"/>, on which the present document is based.</t> <t>The authors would like to thank <contact fullname="Diego Armando Maradona"/> for his magic and inspiration.</t> </section> </back> </rfc>