| rfc9511.original.xml | rfc9511.xml | |||
|---|---|---|---|---|
| <?xml version='1.0' encoding='utf-8'?> | <?xml version="1.0" encoding="utf-8"?> | |||
| <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> | ||||
| <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.6.5 (Ruby 2 .7.0) --> | <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.6.5 (Ruby 2 .7.0) --> | |||
| <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent"> | ||||
| <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | <!DOCTYPE rfc [ | |||
| -ietf-opsec-probe-attribution-09" category="info" submissionType="IETF" tocInclu | <!ENTITY nbsp " "> | |||
| de="true" sortRefs="true" symRefs="true" version="3"> | <!ENTITY zwsp "​"> | |||
| <!-- xml2rfc v2v3 conversion 2.40.0 --> | <!ENTITY nbhy "‑"> | |||
| <!ENTITY wj "⁠"> | ||||
| ]> | ||||
| <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | ||||
| -ietf-opsec-probe-attribution-09" number="9511" submissionType="IETF" category=" | ||||
| info" consensus="true" tocInclude="true" sortRefs="true" symRefs="true" updates= | ||||
| "" obsoletes="" xml:lang="en" version="3"> | ||||
| <!-- xml2rfc v2v3 conversion 2.40.0 --> | ||||
| <front> | <front> | |||
| <title abbrev="Probes Attribution">Attribution of Internet Probes</title> | <title abbrev="Attribution of Internet Probes">Attribution of Internet Probe | |||
| <seriesInfo name="Internet-Draft" value="draft-ietf-opsec-probe-attribution" | s</title> | |||
| /> | <seriesInfo name="RFC" value="9511"/> | |||
| <author initials="E." surname="Vyncke" fullname="Éric Vyncke"> | <author initials="É." surname="Vyncke" fullname="Éric Vyncke"> | |||
| <organization>Cisco</organization> | <organization>Cisco</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <street>De Kleetlaan 6A</street> | <street>De Kleetlaan 6A</street> | |||
| <city>Diegem</city> | <city>Diegem</city> | |||
| <code>1831</code> | <code>1831</code> | |||
| <country>Belgium</country> | <country>Belgium</country> | |||
| </postal> | </postal> | |||
| <email>evyncke@cisco.com</email> | <email>evyncke@cisco.com</email> | |||
| </address> | </address> | |||
| skipping to change at line 40 ¶ | skipping to change at line 48 ¶ | |||
| </author> | </author> | |||
| <author initials="J." surname="Iurman" fullname="Justin Iurman"> | <author initials="J." surname="Iurman" fullname="Justin Iurman"> | |||
| <organization>Université de Liège</organization> | <organization>Université de Liège</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <country>Belgium</country> | <country>Belgium</country> | |||
| </postal> | </postal> | |||
| <email>justin.iurman@uliege.be</email> | <email>justin.iurman@uliege.be</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <date year="2023" month="July" day="23"/> | <date year="2023" month="November"/> | |||
| <area>Operations and Management</area> | ||||
| <workgroup>Operational Security Capabilities for IP Network Infrastructure</ | <area>ops</area> | |||
| workgroup> | <workgroup>opsec</workgroup> | |||
| <keyword>Internet-Draft</keyword> | ||||
| <keyword>research</keyword> | ||||
| <keyword>measurement</keyword> | ||||
| <keyword>identification</keyword> | ||||
| <keyword>probing</keyword> | ||||
| <keyword>out-of-band</keyword> | ||||
| <keyword>in-band</keyword> | ||||
| <abstract> | <abstract> | |||
| <t>Active measurements over the public Internet can target either collabor | <t>Active measurements over the public Internet can target either collabor | |||
| ating parties or non-collaborating ones. Sometimes these measurements, also call | ating parties or non-collaborating ones. Sometimes these measurements, also call | |||
| ed probes, are viewed as unwelcome or aggressive.</t> | ed "probes", are viewed as unwelcome or aggressive.</t> | |||
| <t>This document suggests some simple techniques for a source to identify | <t>This document suggests some simple techniques for a source to identify | |||
| its probes, allowing any party or organization to understand what an unsolicited | its probes. This allows any party or organization to understand what an unsolici | |||
| probe packet is, what its purpose is, and more importantly who to contact. The | ted probe packet is, what its purpose is, and, most importantly, who to contact. | |||
| technique relies on off-line analysis of the probe, therefore it does not requir | The technique relies on offline analysis of the probe; therefore, it does not r | |||
| e any change in the data or control plane. It has been designed mainly for layer | equire any change in the data or control plane. It has been designed mainly for | |||
| -3 measurements.</t> | layer 3 measurements.</t> | |||
| </abstract> | </abstract> | |||
| <note removeInRFC="true"> | ||||
| <name>About This Document</name> | ||||
| <t> | ||||
| The latest revision of this draft can be found at <eref target="https:// | ||||
| evyncke.github.io/opsec-probe-attribution/draft-ietf-opsec-probe-attribution.htm | ||||
| l"/>. | ||||
| Status information for this document may be found at <eref target="https | ||||
| ://datatracker.ietf.org/doc/draft-ietf-opsec-probe/"/>. | ||||
| </t> | ||||
| <t> | ||||
| Discussion of this document takes place on the | ||||
| Operational Security Capabilities for IP Network Infrastructure Working | ||||
| Group mailing list (<eref target="mailto:opsec@ietf.org"/>), | ||||
| which is archived at <eref target="https://mailarchive.ietf.org/arch/bro | ||||
| wse/opsec/"/>. | ||||
| </t> | ||||
| <t>Source for this draft and an issue tracker can be found at | ||||
| <eref target="https://github.com/evyncke/opsec-probe-attribution"/>.</t> | ||||
| </note> | ||||
| </front> | </front> | |||
| <middle> | <middle> | |||
| <section anchor="introduction"> | <section anchor="introduction"> | |||
| <name>Introduction</name> | <name>Introduction</name> | |||
| <t>Many measurement researches (<xref target="LARGE_SCALE"/>, <xref target | <t>Most measurement research (e.g., <xref target="LARGE_SCALE"/>, <xref ta | |||
| ="RFC7872"/>, and <xref target="I-D.draft-vyncke-v6ops-james"/>) are about sendi | rget="RFC7872"/>, and <xref target="I-D.vyncke-v6ops-james"/>) is about sending | |||
| ng IP packets (sometimes with extension headers or layer-4 headers) over the pub | IP packets (sometimes with extension headers or layer 4 headers) over the public | |||
| lic Internet and those packets can be destined to either collaborating parties o | Internet, and those packets can be destined to either collaborating parties or | |||
| r non-collaborating ones. Such packets are called probes in this document.</t> | non-collaborating ones. Such packets are called "probes" in this document.</t> | |||
| <t>Sending unsolicited probes should obviously be done at a rate low enoug | <t>Sending unsolicited probes should obviously be done at a rate low enoug | |||
| h to not unduly impact the other parties' resources. But even at a low rate, tho | h to not unduly impact the other parties' resources. But even at a low rate, tho | |||
| se probes could trigger an alarm that will request some investigations by either | se probes could trigger an alarm that will request some investigations by either | |||
| the party receiving the probe (i.e., when the probe destination address is one | the party receiving the probe (i.e., when the probe destination address is one | |||
| address assigned to the receiving party) or by a third party having some devices | address assigned to the receiving party) or a third party having some devices th | |||
| through which those probes are transiting (e.g., an Internet transit router). T | rough which those probes are transiting (e.g., an Internet transit router). The | |||
| he investigation will be done off-line by using packet captures, therefore the p | investigation will be done offline by using packet captures; therefore, probe at | |||
| robe attribution does not require any change in the data or control planes.</t> | tribution does not require any change in the data or control planes.</t> | |||
| <t>This document suggests some simple techniques for a source to identify | <t>This document suggests some simple techniques for a source to identify | |||
| its probes, allowing any party or organization to understand:</t> | its probes. This allows any party or organization to understand:</t> | |||
| <ul spacing="normal"> | <ul spacing="normal"> | |||
| <li>what an unsolicited probe packet is,</li> | <li>what an unsolicited probe packet is,</li> | |||
| <li>what its purpose is,</li> | <li>what its purpose is, and</li> | |||
| <li>and more importantly who to contact for further information.</li> | <li>most importantly, who to contact for further information.</li> | |||
| </ul> | </ul> | |||
| <t>It is expected that only researchers with good intentions will use thes e techniques, although anyone might use them. This is discussed in <xref target= "security"/>.</t> | <t>It is expected that only researchers with good intentions will use thes e techniques, although anyone might use them. This is discussed in <xref target= "security"/>.</t> | |||
| <t>While the technique could be used to mark measurements done at any laye r of the protocol stack, it is mainly designed to work for measurements done at layer 3 (and its associated options or extension headers).</t> | <t>While the technique could be used to mark measurements done at any laye r of the protocol stack, it is mainly designed to work for measurements done at layer 3 (and its associated options or extension headers).</t> | |||
| </section> | </section> | |||
| <section anchor="probe-description"> | <section anchor="probe-description"> | |||
| <name>Probe Description</name> | <name>Probe Description</name> | |||
| <t>This section provides a way for a source to describe (i.e., to identify ) its probes.</t> | <t>This section provides a way for a source to describe (i.e., to identify ) its probes.</t> | |||
| <section anchor="uri"> | <section anchor="uri"> | |||
| <name>Probe Description URI</name> | <name>Probe Description URI</name> | |||
| <t>This document defines a Probe Description URI as a URI pointing to ei ther:</t> | <t>This document defines a Probe Description URI as a URI pointing to on e of the following:</t> | |||
| <ul spacing="normal"> | <ul spacing="normal"> | |||
| <li>a Probe Description File (see <xref target="file"/>) as defined in <xref target="iana"/>, e.g., "https://example.net/.well-known/probing.txt";</li > | <li>a Probe Description File (see <xref target="file"/>) as defined in <xref target="iana"/>, e.g., "https://example.net/.well-known/probing.txt";</li > | |||
| <li>an email address, e.g., "mailto:lab@example.net";</li> | <li>an email address, e.g., "mailto:lab@example.net"; or</li> | |||
| <li>a phone number, e.g., "tel:+1-201-555-0123".</li> | <li>a phone number, e.g., "tel:+1-201-555-0123".</li> | |||
| </ul> | </ul> | |||
| </section> | </section> | |||
| <section anchor="file"> | <section anchor="file"> | |||
| <name>Probe Description File</name> | <name>Probe Description File</name> | |||
| <t>As defined in <xref target="iana"/>, the Probe Description File must be made available at "/.well-known/probing.txt". The Probe Description File must follow the format defined in section 4 of <xref target="RFC9116"/> and should c ontain the following fields defined in section 2 of <xref target="RFC9116"/>:</t > | <t>As defined in <xref target="iana"/>, the Probe Description File must be made available at "/.well-known/probing.txt". The Probe Description File must follow the format defined in <xref target="RFC9116" section="4" sectionFormat=" of" /> and should contain the following fields defined in <xref target="RFC9116" section="2" sectionFormat="of" />:</t> | |||
| <ul spacing="normal"> | <ul spacing="normal"> | |||
| <li>Canonical</li> | <li>Canonical</li> | |||
| <li>Contact</li> | <li>Contact</li> | |||
| <li>Expires</li> | <li>Expires</li> | |||
| <li>Preferred-Languages</li> | <li>Preferred-Languages</li> | |||
| </ul> | </ul> | |||
| <t>A new field "Description" should also be included to describe the mea surement. To match the format defined in section 4 of <xref target="RFC9116"/>, this field must be a one-line string with no line break.</t> | <t>A new field "Description" should also be included to describe the mea surement. To match the format defined in <xref target="RFC9116" section="4" sect ionFormat="of" />, this field must be a one-line string with no line break.</t> | |||
| <section anchor="example"> | <section anchor="example"> | |||
| <name>Example</name> | <name>Example</name> | |||
| <artwork><![CDATA[ | <artwork><![CDATA[ | |||
| # Canonical URI (if any) | # Canonical URI (if any) | |||
| Canonical: https://example.net/measurement.txt | Canonical: https://example.net/measurement.txt | |||
| # Contact address | # Contact address | |||
| Contact: mailto:lab@example.net | Contact: mailto:lab@example.net | |||
| # Validity | # Validity | |||
| skipping to change at line 121 ¶ | skipping to change at line 123 ¶ | |||
| # Languages | # Languages | |||
| Preferred-Languages: en, es, fr | Preferred-Languages: en, es, fr | |||
| # Probes description | # Probes description | |||
| Description: This is a one-line string description of the probes. | Description: This is a one-line string description of the probes. | |||
| ]]></artwork> | ]]></artwork> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="out-of-band-probe-attribution"> | <section anchor="out-of-band-probe-attribution"> | |||
| <name>Out-of-band Probe Attribution</name> | <name>Out-of-Band Probe Attribution</name> | |||
| <t>A possibility for probe attribution is to build a specific URI based on the source address of the probe packet, following <xref target="RFC8615"/>. For example, with a probe source address 2001:db8:dead::1, the following URI is bui lt:</t> | <t>A possibility for probe attribution is to build a specific URI based on the source address of the probe packet, following <xref target="RFC8615"/>. For example, with a probe source address 2001:db8:dead::1, the following URI is bui lt:</t> | |||
| <ul spacing="normal"> | <ul spacing="normal"> | |||
| <li>if the reverse DNS record for 2001:db8:dead::1 exists, e.g., "exampl | <li>If the reverse DNS record for 2001:db8:dead::1 exists, e.g., "exampl | |||
| e.net", then the Probe Description URI is "https://example.net/.well-known/probi | e.net", then the Probe Description URI is "https://example.net/.well-known/probi | |||
| ng.txt". There should be only one reverse DNS record; otherwise, the Probe Descr | ng.txt". There should be only one reverse DNS record; otherwise, the Probe Descr | |||
| iption File should also exist for all reverse DNS records and be identical;</li> | iption File should also exist for all reverse DNS records and be identical.</li> | |||
| <li>else (or in addition), the Probe Description URI is "https://[2001:d | <li>Else (or in addition), the Probe Description URI is "https://[2001:d | |||
| b8:dead::1]/.well-known/probing.txt".</li> | b8:dead::1]/.well-known/probing.txt".</li> | |||
| </ul> | </ul> | |||
| <t>The built URI must be a reference to the Probe Description File (see <x ref target="file"/>).</t> | <t>The built URI must be a reference to the Probe Description File (see <x ref target="file"/>).</t> | |||
| <t>As an example, the UK National Cyber Security Centre <xref target="NCSC "/> uses a similar attribution. They scan for vulnerabilities across internet-co nnected systems in the UK and publish information on their scanning (<xref targe t="NCSC_SCAN_INFO"/>), providing the address of the webpage in reverse DNS.</t> | <t>As an example, the UK National Cyber Security Centre <xref target="NCSC "/> uses a similar attribution. They scan for vulnerabilities across Internet-co nnected systems in the UK and publish information on their scanning <xref target ="NCSC_SCAN_INFO"/>, providing the address of the web page in reverse DNS.</t> | |||
| </section> | </section> | |||
| <section anchor="in-band-probe-attribution"> | <section anchor="in-band-probe-attribution"> | |||
| <name>In-band Probe Attribution</name> | <name>In-Band Probe Attribution</name> | |||
| <t>Another possibility for probe attribution is to include a Probe Descrip tion URI in the probe itself. Here is a non-exhaustive list of examples:</t> | <t>Another possibility for probe attribution is to include a Probe Descrip tion URI in the probe itself. Here is a non-exhaustive list of examples:</t> | |||
| <ul spacing="normal"> | <ul spacing="normal"> | |||
| <li>For an ICMPv6 echo request <xref target="RFC4443"/>, include it in t | <li>For an ICMPv6 echo request <xref target="RFC4443"/>, include it in t | |||
| he data field;</li> | he data field.</li> | |||
| <li>For an ICMPv4 echo request <xref target="RFC792"/>, include it in th | <li>For an ICMPv4 echo request <xref target="RFC0792"/>, include it in t | |||
| e data field;</li> | he data field.</li> | |||
| <li>For a UDP datagram <xref target="RFC768"/>, include it in the data p | <li>For a UDP datagram <xref target="RFC0768"/>, include it in the data | |||
| ayload if there is no upper-layer protocol after the transport layer;</li> | payload if there is no upper-layer protocol after the transport layer.</li> | |||
| <li>For a TCP segment <xref target="RFC9293"/>, include it in the data p | <li>For a TCP segment <xref target="RFC9293"/>, include it in the data p | |||
| ayload if there is no upper-layer protocol after the transport layer;</li> | ayload if there is no upper-layer protocol after the transport layer.</li> | |||
| <li>For an IPv6 packet <xref target="RFC8200"/>, include it in a PadN op | <li>For an IPv6 packet <xref target="RFC8200"/>, include it in a PadN op | |||
| tion either inside a Hop-by-Hop or Destination Options header.</li> | tion inside either a Hop-by-Hop or Destination Options header.</li> | |||
| </ul> | </ul> | |||
| <t>The Probe Description URI must start at the first octet of the payload | <t>The Probe Description URI must start at the first octet of the payload | |||
| and must be terminated by an octet of 0x00, i.e., it must be null terminated. If | and must be terminated by an octet of 0x00, i.e., it must be null terminated. If | |||
| the Probe Description URI cannot be placed at the beginning of the payload, the | the Probe Description URI cannot be placed at the beginning of the payload, the | |||
| n it must be preceded by an octet of 0x00. Inserting the Probe Description URI c | n it must be preceded by an octet of 0x00. Inserting the Probe Description URI c | |||
| ould obviously bias the measurement itself if the probe packet becomes larger th | ould obviously bias the measurement itself if the probe packet becomes larger th | |||
| an the path MTU. Some examples are given in the appendix <xref target="examples" | an the path MTU. Some examples are given in <xref target="examples"/>.</t> | |||
| />.</t> | <t>Using a magic string (i.e., a unique, special opaque marker) to signal | |||
| <t>Note: using a magic string (i.e., a unique special opaque marker) to si | the presence of the Probe Description URI is not recommended as some transit nod | |||
| gnal the presence of the Probe Description URI is not recommended as some transi | es could apply different processing for packets containing this magic string.</t | |||
| t nodes could apply a different processing for packets containing this magic str | > | |||
| ing.</t> | <t>For the record, in-band probe attribution was used in <xref target="I-D | |||
| <t>For the record, the in-band probe attribution was used in <xref target= | .vyncke-v6ops-james"/>.</t> | |||
| "I-D.draft-vyncke-v6ops-james"/>.</t> | ||||
| </section> | </section> | |||
| <section anchor="operational-and-technical-considerations"> | <section anchor="operational-and-technical-considerations"> | |||
| <name>Operational and Technical Considerations</name> | <name>Operational and Technical Considerations</name> | |||
| <t>Using either the out-of-band or in-band technique, or even both combine | <t>Using either the out-of-band or in-band technique, or even both combine | |||
| d, highly depends on intent or context. This section describes the upsides and d | d, highly depends on intent or context. This section describes the upsides and d | |||
| ownsides of each technique, so that probe owners or probe makers can freely deci | ownsides of each technique so that probe owners or probe makers can freely decid | |||
| de what works best for their cases.</t> | e what works best for their cases.</t> | |||
| <t>The advantages of using the out-of-band technique are that the probing | <t>The advantages of using the out-of-band technique are that the probing | |||
| measurement is not impacted by the probe attribution but also that it is easy to | measurement is not impacted by probe attribution and that it is easy to set up, | |||
| set up, i.e., by running a web server on a probe device to describe the measure | i.e., by running a web server on a probe device to describe the measurements. Un | |||
| ments. Unfortunately, there are some disadvantages too. In some cases, using the | fortunately, there are some disadvantages too. In some cases, using the out-of-b | |||
| out-of-band technique might not be possible due to several conditions: the pres | and technique might not be possible due to several conditions: the presence of a | |||
| ence of a NAT, too many endpoints to run a web server on, the probe source IP ad | NAT, too many endpoints to run a web server on, the probe source IP address can | |||
| dress cannot be known (e.g., RIPE Atlas <xref target="RIPE_ATLAS"/> probes are s | not be known (e.g., RIPE Atlas <xref target="RIPE_ATLAS"/> probes are sent from | |||
| ent from IP addresses not owned by the probe owner), dynamic source addresses, e | IP addresses not owned by the probe owner), dynamic source addresses, etc.</t> | |||
| tc.</t> | <t>The primary advantage of using the in-band technique is that it covers | |||
| <t>The primary advantage of using the in-band technique is that it covers | the cases where the out-of-band technique is not feasible (as described above). | |||
| the cases where the out-of-band technique is not feasible (as described above). | The primary disadvantage is that it could potentially bias the measurements, sin | |||
| The primary disadvantage is that it could potentially bias the measurements, sin | ce packets with the Probe Description URI might be discarded. For example, data | |||
| ce packets with the Probe Description URI might be discarded. For example, data | is allowed in TCP segments with the SYN flag <xref target="RFC9293"/> but may ch | |||
| is allowed in TCP segments with the SYN flag (<xref target="RFC9293"/>) but may | ange the way they are processed, i.e., TCP segments with the SYN flag containing | |||
| change the way they are processed, i.e., TCP segments with the SYN flag containi | the Probe Description URI might be discarded. Another example is the Probe Desc | |||
| ng the Probe Description URI might be discarded. Another example is the Probe De | ription URI included in a Hop-by-Hop or Destination Options header inside a PadN | |||
| scription URI included in a Hop-by-Hop or Destination Options header, inside a P | option. <xref target="RFC4942" section="2.1.9.5" sectionFormat="of" /> (an Info | |||
| adN option. As per the informational <xref target="RFC4942"/>, section 2.1.9.5, | rmational RFC) suggests that a PadN option should only contain 0s and be smaller | |||
| it is suggested that a PadN option should only contain 0's and be smaller than 8 | than 8 octets, thus limiting its use for probe attribution. If a PadN option do | |||
| octets, thus limiting its use for probe attribution. If a PadN option does not | es not respect the recommendation, it is suggested that one may consider droppin | |||
| respect the recommendation, it is suggested that one may consider dropping such | g such packets. For example, since version 3.5, the Linux Kernel follows these | |||
| packets. For example, the Linux Kernel follows these recommendations and discard | recommendations and discards such packets.</t> | |||
| s such packets since its version 3.5;</t> | ||||
| <t>Having both the out-of-band and in-band techniques combined also has a big advantage, i.e., it could be used as an indirect means of "authenticating" t he Probe Description URI in the in-band probe, thanks to a correlation with the out-of-band technique (e.g., a reverse DNS lookup). While the out-of-band techni que alone is less prone to spoofing, the combination with the in-band technique offers a more complete solution.</t> | <t>Having both the out-of-band and in-band techniques combined also has a big advantage, i.e., it could be used as an indirect means of "authenticating" t he Probe Description URI in the in-band probe, thanks to a correlation with the out-of-band technique (e.g., a reverse DNS lookup). While the out-of-band techni que alone is less prone to spoofing, the combination with the in-band technique offers a more complete solution.</t> | |||
| </section> | </section> | |||
| <section anchor="ethical-considerations"> | <section anchor="ethical-considerations"> | |||
| <name>Ethical Considerations</name> | <name>Ethical Considerations</name> | |||
| <t>Executing measurement experiences over the global Internet obviously re quires ethical consideration, which is discussed in <xref target="ANRW_PAPER"/>, especially when unsolicited transit or destination parties are involved.</t> | <t>Executing measurement experiences over the global Internet obviously re quires ethical consideration, which is discussed in <xref target="ANRW_PAPER"/>, especially when unsolicited transit or destination parties are involved.</t> | |||
| <t>This document proposes a common way to identify the source and the purp ose of active probing in order to reduce the potential burden on the unsolicited parties.</t> | <t>This document proposes a common way to identify the source and the purp ose of active probing in order to reduce the potential burden on the unsolicited parties.</t> | |||
| <t>But there are other considerations to be taken into account: from the p ayload content (e.g., is the encoding valid?) to the transmission rate (see also <xref target="IPV6_TOPOLOGY"/> and <xref target="IPV4_TOPOLOGY"/> for some prob ing speed impacts). Those considerations are out of scope of this document.</t> | <t>But there are other considerations to be taken into account, from the p ayload content (e.g., is the encoding valid?) to the transmission rate (see also <xref target="IPV6_TOPOLOGY"/> and <xref target="IPV4_TOPOLOGY"/> for some prob ing speed impacts). Those considerations are out of scope of this document.</t> | |||
| </section> | </section> | |||
| <section anchor="security"> | <section anchor="security"> | |||
| <name>Security Considerations</name> | <name>Security Considerations</name> | |||
| <t>This document proposes simple techniques for probe attribution. It is e | <t>This document proposes simple techniques for probe attribution. It is e | |||
| xpected that only ethical researchers would use them, which would simplify and r | xpected that only ethical researchers would use them, which would simplify and r | |||
| educe the time to identify probes across the Internet. In fact, these techniques | educe the time to identify probes across the Internet. In fact, these techniques | |||
| could be used by anyone, malicious or not, which means that the information obt | could be used by anyone, malicious or not, which means that the information obt | |||
| ained cannot be blindly trusted. Using these techniques should not mean that a p | ained cannot be blindly trusted. Using these techniques should not mean that a p | |||
| robe can be trusted. Instead, it should be considered as a solution for third pa | robe can be trusted. Instead, third parties should use this solution to potentia | |||
| rties to potentially understand the origin and context of such probes. This solu | lly understand the origin and context of such probes. This solution is not perfe | |||
| tion is not perfect but it provides a way for probe attribution, which is better | ct, but it provides a way for probe attribution, which is better than no solutio | |||
| than no solution at all.</t> | n at all.</t> | |||
| <t>The probe attribution is provided to identify the source and intent of | <t>Probe attribution is provided to identify the source and intent of spec | |||
| specific probes, but there is no authentication possible for the inline informat | ific probes, but there is no authentication possible for the inline information. | |||
| ion. Therefore, a malevolent actor could provide false information while conduc | Therefore, a malevolent actor could provide false information while conducting | |||
| ting the probes, or spoof them, so that the action is attributed to a third part | the probes or spoof them so that the action is attributed to a third party. In | |||
| y. In that case, not only would this third party be wrongly accused, but it migh | that case, not only would this third party be wrongly accused, but it might also | |||
| t also be exposed to unwanted solicitations (e.g., angry emails or phone calls, | be exposed to unwanted solicitations (e.g., angry emails or phone calls if the | |||
| if the malevolent actor used someone else's email address or phone number). As a | malevolent actor used someone else's email address or phone number). As a conseq | |||
| consequence, the recipient of this information cannot trust it without confirma | uence, the recipient of this information cannot trust it without confirmation. | |||
| tion. If a recipient cannot confirm the information or does not wish to do so, | If a recipient cannot confirm the information or does not wish to do so, it shou | |||
| it should treat the flows as if there were no probe attribution. Note that using | ld treat the flows as if there were no probe attribution. Note that using probe | |||
| the probe attribution do not create a new DDoS vector since there is no expecta | attribution does not create a new DDoS vector since there is no expectation that | |||
| tion that third parties would automatically confirm the information obtained.</t | third parties would automatically confirm the information obtained.</t> | |||
| > | <t>As the Probe Description URI is transmitted in the clear and as the Pro | |||
| <t>As the Probe Description URI is transmitted in the clear and as the Pro | be Description File is publicly readable, Personally Identifiable Information (P | |||
| be Description File is publicly readable, Personally Identifiable Information (P | II) should not be used for an email address and a phone number; a generic or gro | |||
| II) should not be used for email address and phone number; a generic or group em | up email address and phone number should be preferred. Also, the Probe Descripti | |||
| ail address and phone number should be preferred. Also, the Probe Description Fi | on File could contain malicious data (e.g., links) and therefore should not be b | |||
| le could contain malicious data (e.g., links) and therefore should not be blindl | lindly trusted.</t> | |||
| y trusted.</t> | ||||
| </section> | </section> | |||
| <section anchor="iana"> | <section anchor="iana"> | |||
| <name>IANA Considerations</name> | <name>IANA Considerations</name> | |||
| <t>The "Well-Known URIs" registry should be updated with the following add | <t>IANA has added the following URI suffix to the "Well-Known URIs" regist | |||
| itional values (using the template from <xref target="RFC8615"/>):</t> | ry in accordance with <xref target="RFC8615"/>:</t> | |||
| <ul spacing="normal"> | <dl newline="false" spacing="normal"> | |||
| <li>URI suffix: probing.txt</li> | <dt>URI Suffix:</dt> <dd>probing.txt</dd> | |||
| <li>Change controller: IETF</li> | <dt>Change Controller:</dt> <dd>IETF</dd> | |||
| <li>Specification document(s): this document</li> | <dt>Reference:</dt> <dd>RFC 9511</dd> | |||
| <li>Status: permanent</li> | <dt>Status:</dt> <dd>permanent</dd> | |||
| </ul> | </dl> | |||
| </section> | </section> | |||
| </middle> | </middle> | |||
| <back> | <back> | |||
| <displayreference target="I-D.vyncke-v6ops-james" to="JAMES"/> | ||||
| <references> | <references> | |||
| <name>References</name> | <name>References</name> | |||
| <references> | <references> | |||
| <name>Normative References</name> | <name>Normative References</name> | |||
| <reference anchor="RFC9116"> | ||||
| <front> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9116.xml" | |||
| <title>A File Format to Aid in Security Vulnerability Disclosure</ti | /> | |||
| tle> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8615.xml" | |||
| <seriesInfo name="DOI" value="10.17487/RFC9116"/> | /> | |||
| <seriesInfo name="RFC" value="9116"/> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4443.xml" | |||
| <author fullname="E. Foudil" initials="E." surname="Foudil"/> | /> | |||
| <author fullname="Y. Shafranovich" initials="Y." surname="Shafranovi | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.0792.xml" | |||
| ch"/> | /> | |||
| <date month="April" year="2022"/> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.0768.xml" | |||
| <abstract> | /> | |||
| <t>When security vulnerabilities are discovered by researchers, pr | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9293.xml" | |||
| oper reporting channels are often lacking. As a result, vulnerabilities may be l | /> | |||
| eft unreported. This document defines a machine-parsable format ("security.txt") | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8200.xml" | |||
| to help organizations describe their vulnerability disclosure practices to make | /> | |||
| it easier for researchers to report vulnerabilities.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="RFC8615"> | ||||
| <front> | ||||
| <title>Well-Known Uniform Resource Identifiers (URIs)</title> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8615"/> | ||||
| <seriesInfo name="RFC" value="8615"/> | ||||
| <author fullname="M. Nottingham" initials="M." surname="Nottingham"/ | ||||
| > | ||||
| <date month="May" year="2019"/> | ||||
| <abstract> | ||||
| <t>This memo defines a path prefix for "well-known locations", "/. | ||||
| well-known/", in selected Uniform Resource Identifier (URI) schemes.</t> | ||||
| <t>In doing so, it obsoletes RFC 5785 and updates the URI schemes | ||||
| defined in RFC 7230 to reserve that space. It also updates RFC 7595 to track URI | ||||
| schemes that support well-known URIs in their registry.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="RFC4443"> | ||||
| <front> | ||||
| <title>Internet Control Message Protocol (ICMPv6) for the Internet P | ||||
| rotocol Version 6 (IPv6) Specification</title> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC4443"/> | ||||
| <seriesInfo name="RFC" value="4443"/> | ||||
| <seriesInfo name="STD" value="89"/> | ||||
| <author fullname="A. Conta" initials="A." surname="Conta"/> | ||||
| <author fullname="S. Deering" initials="S." surname="Deering"/> | ||||
| <author fullname="M. Gupta" initials="M." role="editor" surname="Gup | ||||
| ta"/> | ||||
| <date month="March" year="2006"/> | ||||
| <abstract> | ||||
| <t>This document describes the format of a set of control messages | ||||
| used in ICMPv6 (Internet Control Message Protocol). ICMPv6 is the Internet Cont | ||||
| rol Message Protocol for Internet Protocol version 6 (IPv6). [STANDARDS-TRACK]</ | ||||
| t> | ||||
| </abstract> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="RFC792"> | ||||
| <front> | ||||
| <title>Internet Control Message Protocol</title> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC0792"/> | ||||
| <seriesInfo name="RFC" value="792"/> | ||||
| <seriesInfo name="STD" value="5"/> | ||||
| <author fullname="J. Postel" initials="J." surname="Postel"/> | ||||
| <date month="September" year="1981"/> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="RFC768"> | ||||
| <front> | ||||
| <title>User Datagram Protocol</title> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC0768"/> | ||||
| <seriesInfo name="RFC" value="768"/> | ||||
| <seriesInfo name="STD" value="6"/> | ||||
| <author fullname="J. Postel" initials="J." surname="Postel"/> | ||||
| <date month="August" year="1980"/> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="RFC9293"> | ||||
| <front> | ||||
| <title>Transmission Control Protocol (TCP)</title> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC9293"/> | ||||
| <seriesInfo name="RFC" value="9293"/> | ||||
| <seriesInfo name="STD" value="7"/> | ||||
| <author fullname="W. Eddy" initials="W." role="editor" surname="Eddy | ||||
| "/> | ||||
| <date month="August" year="2022"/> | ||||
| <abstract> | ||||
| <t>This document specifies the Transmission Control Protocol (TCP) | ||||
| . TCP is an important transport-layer protocol in the Internet protocol stack, a | ||||
| nd it has continuously evolved over decades of use and growth of the Internet. O | ||||
| ver this time, a number of changes have been made to TCP as it was specified in | ||||
| RFC 793, though these have only been documented in a piecemeal fashion. This doc | ||||
| ument collects and brings those changes together with the protocol specification | ||||
| from RFC 793. This document obsoletes RFC 793, as well as RFCs 879, 2873, 6093, | ||||
| 6429, 6528, and 6691 that updated parts of RFC 793. It updates RFCs 1011 and 11 | ||||
| 22, and it should be considered as a replacement for the portions of those docum | ||||
| ents dealing with TCP requirements. It also updates RFC 5961 by adding a small c | ||||
| larification in reset handling while in the SYN-RECEIVED state. The TCP header c | ||||
| ontrol bits from RFC 793 have also been updated based on RFC 3168.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="RFC8200"> | ||||
| <front> | ||||
| <title>Internet Protocol, Version 6 (IPv6) Specification</title> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8200"/> | ||||
| <seriesInfo name="RFC" value="8200"/> | ||||
| <seriesInfo name="STD" value="86"/> | ||||
| <author fullname="S. Deering" initials="S." surname="Deering"/> | ||||
| <author fullname="R. Hinden" initials="R." surname="Hinden"/> | ||||
| <date month="July" year="2017"/> | ||||
| <abstract> | ||||
| <t>This document specifies version 6 of the Internet Protocol (IPv | ||||
| 6). It obsoletes RFC 2460.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| </reference> | ||||
| </references> | </references> | |||
| <references> | <references> | |||
| <name>Informative References</name> | <name>Informative References</name> | |||
| <reference anchor="LARGE_SCALE" target="https://dl.acm.org/doi/pdf/10.11 45/1071690.1064256"> | <reference anchor="LARGE_SCALE" target="https://dl.acm.org/doi/pdf/10.11 45/1071690.1064256"> | |||
| <front> | <front> | |||
| <title>Efficient Algorithms for Large-Scale Topology Discovery</titl e> | <title>Efficient Algorithms for Large-Scale Topology Discovery</titl e> | |||
| <seriesInfo name="DOI" value="10.1145/1071690.1064256"/> | <seriesInfo name="DOI" value="10.1145/1071690.1064256"/> | |||
| <author initials="B." surname="Donnet" fullname="Benoît Donnet"> | <author initials="B." surname="Donnet" fullname="Benoît Donnet"> | |||
| <organization>Université Pierre & Marie Curie Laboratoire LiP6 –CNRS</organization> | <organization>Université Pierre & Marie Curie Laboratoire LiP6 -CNRS</organization> | |||
| </author> | </author> | |||
| <author initials="P." surname="Raoult" fullname="Philippe Raoult"> | <author initials="P." surname="Raoult" fullname="Philippe Raoult"> | |||
| <organization>Université Pierre & Marie Curie Laboratoire LiP6 –CNRS</organization> | <organization>Université Pierre & Marie Curie Laboratoire LiP6 -CNRS</organization> | |||
| </author> | </author> | |||
| <author initials="T." surname="Friedman" fullname="Timur Friedman"> | <author initials="T." surname="Friedman" fullname="Timur Friedman"> | |||
| <organization>Université Pierre & Marie Curie Laboratoire LiP6 –CNRS</organization> | <organization>Université Pierre & Marie Curie Laboratoire LiP6 -CNRS</organization> | |||
| </author> | </author> | |||
| <author initials="M." surname="Crovella" fullname="Mark Crovella"> | <author initials="M." surname="Crovella" fullname="Mark Crovella"> | |||
| <organization>Boston University Computer Science Department</organ ization> | <organization>Boston University Computer Science Department</organ ization> | |||
| </author> | </author> | |||
| <date year="2005"/> | <date year="2005" month="June"/> | |||
| </front> | </front> | |||
| <seriesInfo name="DOI" value="10.1145/1071690.1064256"/> | ||||
| </reference> | </reference> | |||
| <reference anchor="IPV6_TOPOLOGY" target="http://www.cmand.org/papers/be holder-imc18.pdf"> | <reference anchor="IPV6_TOPOLOGY" target="http://www.cmand.org/papers/be holder-imc18.pdf"> | |||
| <front> | <front> | |||
| <title>In the IP of the Beholder Strategies for Active IPv6 Topology | <title>In the IP of the Beholder: Strategies for Active IPv6 Topolog | |||
| Discovery</title> | y Discovery</title> | |||
| <seriesInfo name="DOI" value="10.1145/3278532.3278559"/> | ||||
| <author initials="R." surname="Beverly" fullname="Robert Beverly"> | <author initials="R." surname="Beverly" fullname="Robert Beverly"> | |||
| <organization>Naval Postgraduate School</organization> | <organization>Naval Postgraduate School</organization> | |||
| </author> | </author> | |||
| <author initials="R." surname="Durairajan" fullname="Ramakrishnan Du rairajan"> | <author initials="R." surname="Durairajan" fullname="Ramakrishnan Du rairajan"> | |||
| <organization>University of Oregon</organization> | <organization>University of Oregon</organization> | |||
| </author> | </author> | |||
| <author initials="D." surname="Plonka" fullname="David Plonka"> | <author initials="D." surname="Plonka" fullname="David Plonka"> | |||
| <organization>Akamai Technologies</organization> | <organization>Akamai Technologies</organization> | |||
| </author> | </author> | |||
| <author initials="J. P." surname="Rohrer" fullname="Justin P. Rohrer "> | <author initials="J." surname="Rohrer" fullname="Justin P. Rohrer"> | |||
| <organization>Naval Postgraduate School</organization> | <organization>Naval Postgraduate School</organization> | |||
| </author> | </author> | |||
| <date year="2018"/> | <date year="2018" month="October"/> | |||
| </front> | </front> | |||
| <seriesInfo name="DOI" value="10.1145/3278532.3278559"/> | ||||
| </reference> | </reference> | |||
| <reference anchor="IPV4_TOPOLOGY" target="http://www.cmand.org/papers/ya rrp-imc16.pdf"> | <reference anchor="IPV4_TOPOLOGY" target="http://www.cmand.org/papers/ya rrp-imc16.pdf"> | |||
| <front> | <front> | |||
| <title>Yarrp'ing the Internet Randomized High-Speed Active Topology | <title>Yarrp'ing the Internet: Randomized High-Speed Active Topology | |||
| Discovery</title> | Discovery</title> | |||
| <seriesInfo name="DOI" value="10.1145/2987443.2987479"/> | ||||
| <author initials="R." surname="Beverly" fullname="Robert Beverly"> | <author initials="R." surname="Beverly" fullname="Robert Beverly"> | |||
| <organization>Naval Postgraduate School</organization> | <organization>Naval Postgraduate School</organization> | |||
| </author> | </author> | |||
| <date year="2016"/> | <date year="2016" month="November"/> | |||
| </front> | </front> | |||
| <seriesInfo name="DOI" value="10.1145/2987443.2987479"/> | ||||
| </reference> | </reference> | |||
| <reference anchor="RIPE_ATLAS" target="https://atlas.ripe.net/"> | <reference anchor="RIPE_ATLAS" target="https://atlas.ripe.net/"> | |||
| <front> | <front> | |||
| <title>RIPE Atlas</title> | <title>RIPE Atlas</title> | |||
| <author> | <author> | |||
| <organization/> | <organization>RIPE Network Coordination Centre (RIPE NCC)</organiz ation> | |||
| </author> | </author> | |||
| <date>n.d.</date> | ||||
| </front> | </front> | |||
| </reference> | </reference> | |||
| <reference anchor="NCSC" target="https://www.ncsc.gov.uk/"> | <reference anchor="NCSC" target="https://www.ncsc.gov.uk/"> | |||
| <front> | <front> | |||
| <title>The National Cyber Security Centre</title> | <title>The National Cyber Security Centre</title> | |||
| <author> | <author> | |||
| <organization/> | <organization>UK NCSC</organization> | |||
| </author> | </author> | |||
| <date>n.d.</date> | ||||
| </front> | </front> | |||
| </reference> | </reference> | |||
| <reference anchor="NCSC_SCAN_INFO" target="https://www.ncsc.gov.uk/infor mation/ncsc-scanning-information"> | <reference anchor="NCSC_SCAN_INFO" target="https://www.ncsc.gov.uk/infor mation/ncsc-scanning-information"> | |||
| <front> | <front> | |||
| <title>NCSC Scanning information</title> | <title>NCSC Scanning information</title> | |||
| <author> | <author> | |||
| <organization/> | <organization>UK NCSC</organization> | |||
| </author> | </author> | |||
| <date>n.d.</date> | ||||
| </front> | </front> | |||
| </reference> | </reference> | |||
| <reference anchor="SCAPY" target="https://scapy.net/"> | <reference anchor="SCAPY" target="https://scapy.net/"> | |||
| <front> | <front> | |||
| <title>Scapy</title> | <title>Scapy</title> | |||
| <author> | <author> | |||
| <organization/> | <organization/> | |||
| </author> | </author> | |||
| <date>n.d.</date> | ||||
| </front> | </front> | |||
| </reference> | </reference> | |||
| <reference anchor="ANRW_PAPER" target="https://pure.mpg.de/rest/items/it em_3517635/component/file_3517636/content"> | <reference anchor="ANRW_PAPER" target="https://pure.mpg.de/rest/items/it em_3517635/component/file_3517636/content"> | |||
| <front> | <front> | |||
| <title>Crisis, Ethics, Reliability & a measurement.network - Ref lections on Active Network Measurements in Academia</title> | <title>Crisis, Ethics, Reliability & a measurement.network - Ref lections on Active Network Measurements in Academia</title> | |||
| <seriesInfo name="DOI" value="10.1145/3606464.3606483"/> | ||||
| <author initials="T." surname="Fiebig" fullname="Tobias Fiebig"> | <author initials="T." surname="Fiebig" fullname="Tobias Fiebig"> | |||
| <organization>Max-Planck-Institut für Informatik</organization> | <organization>Max-Planck-Institut für Informatik</organization> | |||
| </author> | </author> | |||
| <date year="2023"/> | <date year="2023" month="July"/> | |||
| </front> | ||||
| </reference> | ||||
| <reference anchor="RFC7872"> | ||||
| <front> | ||||
| <title>Observations on the Dropping of Packets with IPv6 Extension H | ||||
| eaders in the Real World</title> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC7872"/> | ||||
| <seriesInfo name="RFC" value="7872"/> | ||||
| <author fullname="F. Gont" initials="F." surname="Gont"/> | ||||
| <author fullname="J. Linkova" initials="J." surname="Linkova"/> | ||||
| <author fullname="T. Chown" initials="T." surname="Chown"/> | ||||
| <author fullname="W. Liu" initials="W." surname="Liu"/> | ||||
| <date month="June" year="2016"/> | ||||
| <abstract> | ||||
| <t>This document presents real-world data regarding the extent to | ||||
| which packets with IPv6 Extension Headers (EHs) are dropped in the Internet (as | ||||
| originally measured in August 2014 and later in June 2015, with similar results) | ||||
| and where in the network such dropping occurs. The aforementioned results serve | ||||
| as a problem statement that is expected to trigger operational advice on the fi | ||||
| ltering of IPv6 packets carrying IPv6 EHs so that the situation improves over ti | ||||
| me. This document also explains how the results were obtained, such that the cor | ||||
| responding measurements can be reproduced by other members of the community and | ||||
| repeated over time to observe changes in the handling of packets with IPv6 EHs.< | ||||
| /t> | ||||
| </abstract> | ||||
| </front> | </front> | |||
| <seriesInfo name="DOI" value="10.1145/3606464.3606483"/> | ||||
| </reference> | </reference> | |||
| <reference anchor="I-D.draft-vyncke-v6ops-james"> | ||||
| <front> | ||||
| <title>Just Another Measurement of Extension header Survivability (J | ||||
| AMES)</title> | ||||
| <seriesInfo name="Internet-Draft" value="draft-vyncke-v6ops-james-03 | ||||
| "/> | ||||
| <author fullname="Éric Vyncke" initials="E." surname="Vyncke"> | ||||
| <organization>Cisco</organization> | ||||
| </author> | ||||
| <author fullname="Raphaël Léas" initials="R." surname="Léas"> | ||||
| <organization>Université de Liège</organization> | ||||
| </author> | ||||
| <author fullname="Justin Iurman" initials="J." surname="Iurman"> | ||||
| <organization>Université de Liège</organization> | ||||
| </author> | ||||
| <date day="9" month="January" year="2023"/> | ||||
| <abstract> | ||||
| <t> In 2016, RFC7872 has measured the drop of packets with IPv6 | ||||
| extension | ||||
| headers. This document presents a slightly different methodology | ||||
| with more recent results. It is still work in progress. | ||||
| </t> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7872.xml" | |||
| </abstract> | /> | |||
| </front> | ||||
| </reference> | <reference anchor="I-D.vyncke-v6ops-james" target="https://datatracker.ietf.org/ | |||
| <reference anchor="RFC4942"> | doc/html/draft-vyncke-v6ops-james-03"> | |||
| <front> | <front> | |||
| <title>IPv6 Transition/Co-existence Security Considerations</title> | <title> | |||
| <seriesInfo name="DOI" value="10.17487/RFC4942"/> | Just Another Measurement of Extension header Survivability (JAMES) | |||
| <seriesInfo name="RFC" value="4942"/> | </title> | |||
| <author fullname="E. Davies" initials="E." surname="Davies"/> | <author initials="É." surname="Vyncke" fullname="Éric Vyncke"> | |||
| <author fullname="S. Krishnan" initials="S." surname="Krishnan"/> | </author> | |||
| <author fullname="P. Savola" initials="P." surname="Savola"/> | <author initials="R." surname="Léas" fullname="Raphaël Léas"> | |||
| <date month="September" year="2007"/> | <organization>Université de Liège</organization> | |||
| <abstract> | </author> | |||
| <t>The transition from a pure IPv4 network to a network where IPv4 | <author initials="J." surname="Iurman" fullname="Justin Iurman"> | |||
| and IPv6 coexist brings a number of extra security considerations that need to | <organization>Université de Liège</organization> | |||
| be taken into account when deploying IPv6 and operating the dual-protocol networ | </author> | |||
| k and the associated transition mechanisms. This document attempts to give an ov | <date month="January" day="9" year="2023"/> | |||
| erview of the various issues grouped into three categories:</t> | </front> | |||
| <t>o issues due to the IPv6 protocol itself, o issues due to trans | <seriesInfo name="Internet-Draft" value="draft-vyncke-v6ops-james-03"/> | |||
| ition mechanisms, and o issues due to IPv6 deployment.</t> | </reference> | |||
| <t>This memo provides information for the Internet community.</t> | ||||
| </abstract> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4942.xml" | |||
| </front> | /> | |||
| </reference> | ||||
| </references> | </references> | |||
| </references> | </references> | |||
| <section anchor="acknowledgments"> | ||||
| <name>Acknowledgments</name> | ||||
| <t>The authors would like to thank Alain Fiocco, Fernando Gont, Ted Hardie | ||||
| , Mehdi Kouhen, and Mark Townsley for helpful discussions as well as Raphael Lea | ||||
| s for an early implementation.</t> | ||||
| <t>The authors would also like to gracefully acknowledge useful reviews an | ||||
| d comments received from Warren Kumari, Jen Linkova, Mark Nottingham, Prapanch R | ||||
| amamoorthy, Tirumal Reddy, Andrew Shaw, and Magnus Westerlund.</t> | ||||
| </section> | ||||
| <section anchor="examples"> | <section anchor="examples"> | |||
| <name>Examples of in-band Attribution</name> | <name>Examples of In-Band Attribution</name> | |||
| <t>Here are several examples generated by <xref target="SCAPY"/> and displ ayed in the 'tcpdump' format:</t> | <t>Here are several examples generated by <xref target="SCAPY"/> and displ ayed in the 'tcpdump' format:</t> | |||
| <ul spacing="normal"> | <t>IP packet with Probe Description URI inside a Destination Options exten | |||
| <li>IP packet with Probe Description URI inside a Destination Options ex | sion header:</t> | |||
| tension header</li> | ||||
| <li>IP packet with the URI in the data payload of a TCP SYN</li> | ||||
| <li>IP echo request with another URI in the data part of the ICMP ECHO_R | ||||
| EQUEST</li> | ||||
| <li>IPv4 echo request with a URI in the data part if the ICMP ECHO_REQUE | ||||
| ST</li> | ||||
| </ul> | ||||
| <artwork><![CDATA[ | <artwork><![CDATA[ | |||
| IP6 2001:db8:dead::1 > 2001:db8:beef::1: DSTOPT 60878 > traceroute: | IP6 2001:db8:dead::1 > 2001:db8:beef::1: DSTOPT 60878 > traceroute: | |||
| Flags [S], seq 0, win 8192, length 0 | Flags [S], seq 0, win 8192, length 0 | |||
| 0x0000: 6000 0000 0044 3c40 2001 0db8 dead 0000 `....D<@........ | 0x0000: 6000 0000 0044 3c40 2001 0db8 dead 0000 `....D<@........ | |||
| 0x0010: 0000 0000 0000 0001 2001 0db8 beef 0000 ................ | 0x0010: 0000 0000 0000 0001 2001 0db8 beef 0000 ................ | |||
| 0x0020: 0000 0000 0000 0001 0605 012c 6874 7470 ...........,http | 0x0020: 0000 0000 0000 0001 0605 012c 6874 7470 ...........,http | |||
| 0x0030: 733a 2f2f 6578 616d 706c 652e 6e65 742f s://example.net/ | 0x0030: 733a 2f2f 6578 616d 706c 652e 6e65 742f s://example.net/ | |||
| 0x0040: 2e77 656c 6c2d 6b6e 6f77 6e2f 7072 6f62 .well-known/prob | 0x0040: 2e77 656c 6c2d 6b6e 6f77 6e2f 7072 6f62 .well-known/prob | |||
| 0x0050: 696e 672e 7478 7400 edce 829a 0000 0000 ing.txt......... | 0x0050: 696e 672e 7478 7400 edce 829a 0000 0000 ing.txt......... | |||
| 0x0060: 0000 0000 5002 2000 2668 0000 ....P...&h.. | 0x0060: 0000 0000 5002 2000 2668 0000 ....P...&h.. | |||
| ]]></artwork> | ||||
| <t>IP packet with the URI in the data payload of a TCP SYN:</t> | ||||
| <artwork><![CDATA[ | ||||
| IP6 2001:db8:dead::1.15581 > 2001:db8:beef::1.traceroute: | IP6 2001:db8:dead::1.15581 > 2001:db8:beef::1.traceroute: | |||
| Flags [S], seq 0:23, win 8192, length 23 | Flags [S], seq 0:23, win 8192, length 23 | |||
| 0x0000: 6000 0000 002b 0640 2001 0db8 dead 0000 `....+.@........ | 0x0000: 6000 0000 002b 0640 2001 0db8 dead 0000 `....+.@........ | |||
| 0x0010: 0000 0000 0000 0001 2001 0db8 beef 0000 ................ | 0x0010: 0000 0000 0000 0001 2001 0db8 beef 0000 ................ | |||
| 0x0020: 0000 0000 0000 0001 3cdd 829a 0000 0000 ........<....... | 0x0020: 0000 0000 0000 0001 3cdd 829a 0000 0000 ........<....... | |||
| 0x0030: 0000 0000 5002 2000 c9b7 0000 6d61 696c ....P.......mail | 0x0030: 0000 0000 5002 2000 c9b7 0000 6d61 696c ....P.......mail | |||
| 0x0040: 746f 3a6c 6162 4065 7861 6d70 6c65 2e6e to:lab@example.n | 0x0040: 746f 3a6c 6162 4065 7861 6d70 6c65 2e6e to:lab@example.n | |||
| 0x0050: 6574 00 et. | 0x0050: 6574 00 et. | |||
| ]]></artwork> | ||||
| <t>IP echo request with another URI in the data part of the ICMP E | ||||
| CHO_REQUEST:</t> | ||||
| <artwork><![CDATA[ | ||||
| IP6 2001:db8:dead::1 > 2001:db8:beef::1: ICMP6, echo request, id 0, | IP6 2001:db8:dead::1 > 2001:db8:beef::1: ICMP6, echo request, id 0, | |||
| seq 0, length 28 | seq 0, length 28 | |||
| 0x0000: 6000 0000 001c 3a40 2001 0db8 dead 0000 `.....:@........ | 0x0000: 6000 0000 001c 3a40 2001 0db8 dead 0000 `.....:@........ | |||
| 0x0010: 0000 0000 0000 0001 2001 0db8 beef 0000 ................ | 0x0010: 0000 0000 0000 0001 2001 0db8 beef 0000 ................ | |||
| 0x0020: 0000 0000 0000 0001 8000 2996 0000 0000 ..........)..... | 0x0020: 0000 0000 0000 0001 8000 2996 0000 0000 ..........)..... | |||
| 0x0030: 7465 6c3a 2b31 2d32 3031 2d35 3535 2d30 tel:+1-201-555-0 | 0x0030: 7465 6c3a 2b31 2d32 3031 2d35 3535 2d30 tel:+1-201-555-0 | |||
| 0x0040: 3132 3300 123. | 0x0040: 3132 3300 123. | |||
| ]]></artwork> | ||||
| <t>IPv4 echo request with a URI in the data part of the ICMP ECHO_ | ||||
| REQUEST:</t> | ||||
| <artwork><![CDATA[ | ||||
| IP 192.0.2.1 > 198.51.10.1: ICMP echo request, id 0, seq 0, length 31 | IP 192.0.2.1 > 198.51.10.1: ICMP echo request, id 0, seq 0, length 31 | |||
| 0x0000: 4500 0033 0001 0000 4001 8e93 c000 0201 E..3....@....... | 0x0000: 4500 0033 0001 0000 4001 8e93 c000 0201 E..3....@....... | |||
| 0x0010: c633 0a01 0800 ea74 0000 0000 6d61 696c .3d....t....mail | 0x0010: c633 0a01 0800 ea74 0000 0000 6d61 696c .3d....t....mail | |||
| 0x0020: 746f 3a6c 6162 4065 7861 6d70 6c65 2e6e to:lab@example.n | 0x0020: 746f 3a6c 6162 4065 7861 6d70 6c65 2e6e to:lab@example.n | |||
| 0x0030: 6574 00 et. | 0x0030: 6574 00 et. | |||
| ]]></artwork> | ]]></artwork> | |||
| </section> | </section> | |||
| <section anchor="acknowledgments" numbered="false"> | ||||
| <name>Acknowledgments</name> | ||||
| <t>The authors would like to thank <contact fullname="Alain Fiocco"/>, <co | ||||
| ntact fullname="Fernando Gont"/>, <contact fullname="Ted Hardie"/>, <contact ful | ||||
| lname="Mehdi Kouhen"/>, and <contact fullname="Mark Townsley"/> for helpful disc | ||||
| ussions as well as <contact fullname="Raphael Leas"/> for an early implementatio | ||||
| n.</t> | ||||
| <t>The authors would also like to gracefully acknowledge useful reviews an | ||||
| d comments received from <contact fullname="Warren Kumari"/>, <contact fullname= | ||||
| "Jen Linkova"/>, <contact fullname="Mark Nottingham"/>, <contact fullname="Prapa | ||||
| nch Ramamoorthy"/>, <contact fullname="Tirumaleswar Reddy.K"/>, <contact fullnam | ||||
| e="Andrew Shaw"/>, and <contact fullname="Magnus Westerlund"/>.</t> | ||||
| </section> | ||||
| </back> | </back> | |||
| <!-- ##markdown-source: | ||||
| H4sIAJB/vWQAA81b224jyZF951fkqgFPCyZLvEviGOvRSOoZebrVWkntwcA2 | ||||
| epNVSTKtYmVNXcSmhTb8us/7tH+wxgL7BfvWf+Iv2RORWTeKVGt8WayAbknF | ||||
| ysjIuJ6ISHU6nVams1BNxN5JliV6mmfaRMLMxEWUqSRSmbhKzFSley05nSbq | ||||
| Hi/aB6L2/l7Ll5mam2Q9ETqamVaaT5c6TfFRto5B/OL89lUrMH4kl/gtSOQs | ||||
| 62iVzTomTpXfiYliR1YEWzpOJiJL8jTrd7vH3X5LJkpi77exSiS9kQoZBeKN | ||||
| jORcLVWU7bVWJrmbJyaP66/JUNwoP090thanMpZTHepMg/uZScTFlbhUGa3D | ||||
| aWeJTLGhn+WJ2mvdqTWeB5NSDJ0zYrp1r6JcTVpC/N12EsKKaO97fKqjufiG | ||||
| KNPzpdQhnrOIviJpeSaZ0wcy8Rf4YJFlcTo5OKD36JG+V17x2gE9OJgmZpWq | ||||
| A6ZwQCvnOlvkU6xV9+vIv3MfPZY/vRtCpWlW28et8SwRT5tdqw8+r2BvkS3D | ||||
| vVYrzaDG9zI0EUSwVmkrXcoke/9jbrD5RESmFeuJ+E1m/LZITZIlapbip/WS | ||||
| fvhdqyXzbGESKKQDjgWMD4vOPfFr5pQfWZP79G+J9uuPISMZ6T+w6ibiVKe+ | ||||
| 4efQjFI49ZkS34X4KZQyEuMT/sw3AUj1jgY9+ytUjRe1ggW6z/MoIx/4WoVz | ||||
| nduHyqrRCe8rn3byfLNssPy1J85MBDOrsfy1isyn/87qHzSZfhdB40mqs09/ | ||||
| FoESr/Wn/5yrzzIyBVmdeQFT/SoPiX1vqhrs/MoTF3mylFGNnV/BF3VUf/73 | ||||
| 4Ob3TNXTTLXGTSsyeJKB5KTVopBS/ibE65Prb87f35yevD6fMC0Xwc5nM+1r | ||||
| xAJxEiIWwUqX1vtey2SuOje+DJW4NbEJzXwNvUER4HhtSdArUHth60HoSX/J | ||||
| nhQYfRAHs4Ne1+v1hiN8P+yNj/FLdzzsj8a8PICvTARC1cgakUrg+cS2ZVCI | ||||
| s7cXsJwnKJSGzF8d9/0JW3AaaAr+SqskUeJnCIzgQJzm9P9rOTWIUUYnpJar | ||||
| 8V/+9O+nl9c3O7a6WiBwxbES19Lk4T92r1u9zBPxCguDwqj+UVth5Z04TaDx | ||||
| MJTNnb42aYacV26I+G2WcY64L27InnyFaBAjLFGewdKLq1+P39++vXr7+u03 | ||||
| PzQs8CIS2UJRtEcCpZ++VgsTBkQoSyhDFvngxCdjxov34+dYJAxytVp5PoQU | ||||
| sE3GEmknPZg68h299HtHHqy0YY29o+dY46B/eDQa9D3+Pjp+hjVeI5gnGQ4H | ||||
| ZsN1U5iX8h6Z8AoinScyyMEJhLgwJtxFSy7lXaLTRYQ4e5YnUify9zttYU2C | ||||
| fZsAakQ76J3Jex2IKySUuw01n9xhKy1ulb+ISOCQyQ4aLtRdeTjpIlHJ808I | ||||
| 0xhuN40fZJLEf/nTf1CGZxsp4NU1dGqW+g8qEN/q+aJzEyv86Azkb7CNNW3I | ||||
| hjF+bBjj5xhG//jocDgcePz98B9pGNcXV+fvT25fn9w0ZEaPATNDmW6N0ZI+ | ||||
| 8RIdKw+CPMA7l6c3pw0Kt5D0ZQHPTtdT8sQSpMGbE7WVMgk08lPfm5t7L78r | ||||
| SFPOuXx/cfnqbWMT+ghnkVFEyi2TlTPRz9GuvX9Azzupo9RpUsLeV02Twpbx | ||||
| 9uyV0ieFUE4ur79/f3VydX7dWH0Kp9PAUufZQvv4fq1CbUHrGoFWiqWSKQAq | ||||
| xTyixNi1g7dmofItAEfMdGZaYNs31ZoUgsDHMlBLLbcyGeNNbxnPvUAdJECa | ||||
| BzpTy5T/fz8Y9Q7Hg9EBcFIMaBhlBzMdKvd4jMfwnihr2HR/8KxgN0bOHQ89 | ||||
| /n40eIZN35qplql4pdVUz5sm/UZ+6FyFEriucxEhZGR5Jmaf/ichjG81d9dq | ||||
| dTodIaeAldLPWi0nsGVdUOTXHBPifBoCpZahAYbgpCYU0Aze8g2yF6c9MjXK | ||||
| SZRRkFAiE3WaH0JsqSduzFJleomXsD5tbtwWMkwNdglDRByG6PQM6fReqxUe | ||||
| 4dh5tFIhtKBoEzmfQ1Ep1Rmt1u1CpwIlXU60RJrP59BhCpCOd1O9jIG1Mgq1 | ||||
| +sfcJT2JD/ME2TQzQgdYpWdrobGm3DoMzYp4l9GaD7emXeswk5bmETIe1w1i | ||||
| tZAZXsaj1EByMB13DqwG2M4EGTi/xNvkSWwgA3pIq5cGRwWnKCtklIVrvGlo | ||||
| A7IuKMvj6FGeQSRwEMVWb2azTqgjBSoyXMOLinTPe7fpR5QnTD2DiLAoMhnW | ||||
| /5gTVqHD+QsZzRW5CC2DCUs6KW2cmFDEsCkFCJ6JBVQwVSoCok71PMLxkMIi | ||||
| sEryDOUaqX/Q0CkUwxa31EEQAka/IGtKTJCzz7Zab2j32gJwlSqqFcHky4eH | ||||
| GrT++LEtHh5+ef3q9PDosE+/kczw5KJz5tkCz5Y0nfsxirzO7+Et6ceP+2xA | ||||
| MEP4QqqigNQJPGT1gT3S0iBXMGmhPsCRqU8gFkqSXkV5sGHxaH+3hxBLcN5U | ||||
| lRuQz0D/kBe8APKCPv9q38n9RUmXTtXwFKu8mg9A9DfuwI/sEX6xAJoOhJne | ||||
| a5On0CAxaciGcApB4FDA+AVwfj5fENdkMjD1HK/CRmGPLADDR3HMf0HaY5cC | ||||
| t19D4Mi7kSVItIhouxCP5cJnJlCFw1sT8hwZymSJd7BopcOQjRSis26so3sS | ||||
| 49w1XKbrQpSsCvbPRPlK3xegxvreS+0pj/xORbWnViPWi2UQUCAR5DkkAver | ||||
| TJ2R4/i0sCLOm+2TssCEJLkngeNgIfkNZjhQ99rnWJewGFdIbYumBEiPiMWw | ||||
| Odb0S+XNPTLtyqbcpwIk8GTfhoGGKKyoCgWW0QCs5anlloMPkjC1eNJ6QKjk | ||||
| UWuG/NUxIv3/EYdRoneeFYvL9zbCMT1/RkRm7md5wjZYQ0eQwgXRRzSJAU7I | ||||
| gGgTQ4GyjG+JizhzYwIsJvzAVs26zFPlEmQlK5IDTIfsCHIgTS+Bz7Pi3SUZ | ||||
| hmYbDgDO8zRVRBcRMnUI8+NHMPY9ymmr9iqTWC+EZPLUGvuSitMGJihDAzTA | ||||
| 4bCWYjKDaCUgef+uTRkGHLisUGYJ0GRARgLbStfSHIiXJHbSBnzP+FqS8Ezs | ||||
| 8F3yODzve5RTuAOMojj1gb5tYmFZpBYaEpOowsjbxEquHxldwAurSFGzw/2a | ||||
| IdJWW/YS764vxMMLiPjjpvUHagZHpG23r5L0Ef0QG1gAR60iPbANb1v3ivT3 | ||||
| MlUKmiUQyikudVs5jWsAAcqQNphUDdMPkvyPgbgHHBV27iKzig7oeNjcyz5k | ||||
| e19a27f9sCISlpToYWYmSE1f1Yi5RSJekDajfIm6plySqXDy814HRV5nNBp1 | ||||
| ur3+YG+XJPlsDy/4WMCmO05FZrdj7RKVMhnyEsYhUOBpcBqyge3tPLENqE8R | ||||
| nBkKQLyv9fE6X4WNDckjHh7+CQDluNcbf/zIEcSlWQ4YLnJaaqTsmVZhkG4j | ||||
| 1t8kxuZwKgENNLI+/WxDEH46/xAjRKf46QpBnRpTQec1QnUuEXkhRRGpld1K | ||||
| 7NXOt1fwxqB7SoHdD/PAOmvpEcRwvfJC+QHhZpzFfpI02hacWD4KNUlKtzZZ | ||||
| oSAhkXBIjIywCSxR8o5t5QVOyebWav3xj3+Ex5eiYPd5qWcUmfZb5eOqrKsb | ||||
| ff0kUD2FDifHwtJb7veJ2G7qtOTXMtQB4mnLSd5We51evzPo3faOJoPDSffw | ||||
| D/RmpYYtqpkAXMFL4FyzpAxiqRO9jWI1dU3K6P5YaLUlDeSPiEXSAu23edYx | ||||
| s86UTNJaem1aRjaCzJdqV21TeHyMCbAzDGOaazIZkSKx6RmgL4l/KilvGGve | ||||
| LqwWGKrOj8u87ZoLWBM5GvdGyE7iFYd4FnbbmoJ0Kzeo9rvd3iSYHk0CpIHJ | ||||
| pNfe8CziCgwTtxm7jp45BEd9O/j55Q2hOQPURqfdJAcmdJpVYa8e63iraEcQ | ||||
| cvv+pIjL8Qc4w7kjKDJQoFD6mN0vLeJe6VQ9GQjrvs2HsUmPEfUmTTu6pAjA | ||||
| SQ/ew/FchXjrpSFkQ3LXRHx/16abB//tbzZl+tvf7ZYA5U1ltcWUqvjAbsMt | ||||
| b4fBn5UQPU4elMUKY6Kl7777TO8NBKh3htANIESOBrxKo8y6H7C21oKaYizS | ||||
| +zyMVFJNV6WfGKokijGtTxMSxoDpOqWGUgGgwQ2JnSvIdFGHj86TdCKK1huV | ||||
| ws2GHw7ZdrCmKHY2PG6lprG0eL2mcs+W4LsjQeQqumfGA5c0diIcXS+5AKVU | ||||
| OPPEt2TuHMmo1FUfFpIa3PeoOMlQwb9TW8quS0GB6qHTNzSdAGg1ZVVoo8dw | ||||
| OBxQgil4IQhaK1I45Xy5SWm4jdLhcf/5hMS7syv+YJ7IZUFgfPQEgViuQyMD | ||||
| F4ysDJDr8jhWScci4BJOy1nmCluu/6gEsSC5xsDt6RUS7pyhpsu1/eOnRPF3 | ||||
| ZiCyAyNXT7lQDr9/zAHMQwaXDskXVbsGkmfT+dbEnem6g2+E8c9qhflbB/0t | ||||
| 2ndxYrulccxAEQI2pe1NzHRC5gTny8o05ATAxZ0LMjjmkvaDi1IxH1Uruh+6 | ||||
| XZyEawKco1gQ5Qij1SpPXMyeiIrkwobXoUT2qYtpuZuqubbO3eTN5ZfafjH1 | ||||
| HYLt7GHzKFVJVgSBHTxs9nqog7wB7Zx3FpmyUSpPFbVcU+g/mbNRSOfWEin6 | ||||
| ze0729ct3ZabGnNNzR9nfRIWFgX6A4ykeImr0UtDzXLbpZCAXHMgCgdqXC0m | ||||
| UcBzkcqIA5HbxJJ+pRJVJfsUg6jGxAeWa9TMlC3MUyrRRXMDp8LRA9ta5g5F | ||||
| 0WyJTFC2p8B8SF2eQM84GWUkHJ8az4ThKTgWvT6L8q0uuAquzoPDks+4NhKy | ||||
| rs1J2oXix/F1Rd3usob/TJeTw3r96g/R5MkiY2SAWnI1d1Op1XrHrNeaZ6aG | ||||
| Dznj2x/LFkGbi29S6BT5AQddTgnxt8VCzxdc6JN+uRltWxlFawgFu+tLFJVB | ||||
| UVpYA8zj1Bbm2C0ALrC/UQqQVGNU+6fGNlGsoPCm683a35fyjn7npJwoxRz5 | ||||
| FFy4u0OtB+pbOxRkc6sP0Jq6iCKDewnVze3W1hw3xVK1S7hlt3Bu7HBM05Os | ||||
| fdk2qfXb7X02fLMQLbNNKO4ZyXTNVg2/y+Mi/IBEkttwISm101yJmtDUvCwb | ||||
| mtRsfKp6Sz3xjmBGllPgCteuEcgHsv1KndZEkRlD4cV+xOJqf1Y2tiVVBDwG | ||||
| EUBnQa7skcAyzBGGYeEkaqBNr5Xi8uSWWjBUZ0Zr1EgBN0cYbUAEm8dv10Tr | ||||
| ioSLqxILVcGXUWfRXq0GuXCtatgL4FfryqakylliljWCri1K5rehVrZIYLJg | ||||
| HckleX2jYCHRqcx35hYnGuFrXZld0+oeeR9jLWchPHW3vsMqoba26+Nu14gz | ||||
| xhnMgHXxUqalgQQ0GLlXrqdcsFW3gubWFA1jw61KlBLb8whdh9OkzCIqch23 | ||||
| Oxhbi5my8fkyCSihNupARi6EFqm4s/GwBnxq9G9+uBSzUDJarsDQPnvZUpYN | ||||
| bAbHknW3ZkW7aE7hzDrbZ8g3wvxPOVYBrt3RrGx3JqmiHcPw6bkQqV2hqhri | ||||
| wtapiF2sr1Ua8EU7UhseDxn5lv0nr+cde6Oineu6+EUju4nmikkSFa1Fn6v7 | ||||
| RVlUpkuaUjnQcGTRC48gcuAJ1FcMXajJSn3sraUGA6zmnrUBBeGCrMyrnM/5 | ||||
| bDt45765ZE45JYogMXHME5vaeG3DBIn6ax3lH8R3VNWFrtNQDLGbG7tkZtWe | ||||
| Nsg6z6DT8v0hnGTgjQCov7VDI06um67MHfHNkJCWOdgmkAW3kqd6XgWVGnJt | ||||
| Nvgll8YaMTgh0cF3I857e3TxwHYASCl7TxrnY/TSZhXfcaCW2DJJVFiMp7Yc | ||||
| q4pQxcyr0ZoIjbnLY0SmamCxIxvTXV1SdEgBH5xENtfExsxwCqs8K6wNbh7H | ||||
| WUMAjwTJgx+67BGqjPJKmLu5zgt7P2ULpjr/oPw824QCNAFK+M5e7V7FPDRT | ||||
| UCgnfBUwd/M2oAC3i1/fpe0GiI9HPNWdGm77O6zMAyvVHIEVABfmXZ+AFuNn | ||||
| ioc6ujfhPQLW5jgDwqUJWcrqXS4ZpK4bU7t6A5BH4aocq1Fut5dNCsgEzoGD | ||||
| SSZUhwe578aRRYJB4MbHRTukOciz7IJDGjNXKMa4yXpdNdy2BGlAREansE6f | ||||
| rwBPbHav14XuIk9hki5AQ32G2yz31Pn95X7Ri2JZur8rsCNzbkOxQz48NK5l | ||||
| unEAPx3Wn1LEY4BVSCXl+3YWO6acmUl6G0fis+ZcBaa+iV290xz+v6i1t5qr | ||||
| H16UI8GdKt4+qt0Wm3dNOgsTbkw8ORAVE8vCnu1T3pGMiARVswe6ndEwsgKj | ||||
| 2U5bVru8yHB1BsG1H01PN2Igl9I0RG0jG5BVwf/s3Yus4MrGxRLoNxp0U8py | ||||
| IFPhy2mIgIpT89+IULJ/V+C5JhsuW9Iq2qBIqFaw7rJISYNucSlqCcBhq/Zw | ||||
| YQsulJfhyRU3xVUEzRC+gddqV5U4oCZ6TugiCopajQ2KE5adH7jSrdjAYUmE | ||||
| tBllDgJWOts2XX1kJ7XQNVVZVuCByFTESQ5hWELkLf1Gt1HwVMgpys9ZNaIo | ||||
| rhFMy1Bh2171dEchsKhWXI0IUjxkqQ/2he3V09WJNjcsQoVYSRvC6LjkZYhs | ||||
| +YQlUgu9bjgrTmZU/9AFqPotlZRLbM5azjeKspD7J34hg0IkVgqNqyeeve8t | ||||
| M64M2rZSIU+0/sXxoX5TBQJeIV3Oqbnh+zkDYKdSi16LySCc27ibAXm0Arqg | ||||
| braNxS6ilNdW5qgfeHRsi3MeCNM1JRzPNZYeyYz9kUIgvUtDB2DHxvS5omRH | ||||
| y/sMZyX7AbVvkVzbBQDUsXbq5+PWZe98lZ2Lzkg4gGIoyMx0pWDGmhUlt8q9 | ||||
| 9DgSJBUWXVEfn8pvMuq6z2aJKlqSjBrhtWUHdkX/wRi3RFZqjll9VrXhtrs6 | ||||
| vLlPexDsp2nv2Zm5AcJk8VrIWbd7G6vdvRlrYfWYYa0FzmHojD4Hjp3Hd4HQ | ||||
| Dlye7Li5ZJllFrMwKgsVDVcijmNPDHfI9fmiHSMkGdBMvy2uEMqohMHDCxsM | ||||
| NA/7L2r8vby6uNivx9wi/pOPN42McWzNyr6ELOcKRT0iCF7mv6/7zJJajI6L | ||||
| eS9sNSRreOJ4fuOKQJWOuPB1noVIdJfuF6DKXd5qnmszA/Gk5+Ty5HH254sU | ||||
| Ns7ufU8jue+4OQJFpXsQ8FynGdy4OkweB9weL5FzNWgtBoPI8wBHlOBeVsaa | ||||
| KWR0skrGWfVR7z5Pdsgy0nw20x8mBfyxY/mOOLW1urtdhvrR/c0mPrpxcV06 | ||||
| 87fI5WW6P2lCIH4XZp6nE8pYSxnxQ3sfdYqCjAR04lNjKFSBrfZdO5AvYBee | ||||
| EOo7N31EdQNtkpJeaQMM2RavADvo7yXEN2C0LW7pjyZQ9WmY5xu1CLT4zuQL | ||||
| GvPbPw5N7sQtNTlDZdPkQoXxLA8LNG+hHfaFTuj7tYwX8tN/heL1pz9Ld1cu | ||||
| EvAZewcz5BKjuHH2mHEO3wX380T6CntxsC/OzM5ADKDy0mqVOiiwtJ0Pe92R | ||||
| nIXU972EOUfiu3wpE90Wv8LPKInvzL1s25MhXFFKW0jkrqtExjJCvqc/p1ka | ||||
| k2SLNcSjE6wOxbUKAvx6EsGNVuJmIVeFgOYR7P57KteTEGDFFlzFVAFBvSjZ | ||||
| 6n8b/PCiHCmgkC77ma7XWM4k2JeLKc/DA//5gkPlEH9Mo60yMH2R+XGQL+Mv | ||||
| 3A0Xttby1rD1g12Fseu+bGvRbN5e20KVJ8NVgd2Y2nF3lHpTNz9cuqWNGaa9 | ||||
| MOF6TI+JJOUUjAag4vz027fvr8//5d35za2ltjkTdRcwtlLSOynRjZOLq/Hj | ||||
| OxX/XD2aKjXDo4k4u0EpdCvG3aPDI7xAf5Sg+J7rpPUqlPNU/Obmd9SV+lF0 | ||||
| 6UJIJI56x31EQxXNwVu31aIZWLc7ESDR7Yqu/W84FAN/2OX9RBcbCuLBfir+ | ||||
| 1cPX2S++8twXk+gRiW6NhP2vVyNBPDsS3sYXk+jvItEdd0ei2+v7Ynx0OBSH | ||||
| w8MmiTbdmWASAyJxOBhI0Z/1Z2I8glDGvXEgDrtjrB71lRir8Qgk8KnYvF/C | ||||
| JIZEoq8OD/E6rfH7gRhPx1g4o2cKCw+7h338Ou6Di40LGUxixOI8pjWH2BH8 | ||||
| HuE/nEYFABJH/WNZO6FwMbspi3FTFiNIhyQJjYzHR25h9UXLrvDvZwuP/lxg | ||||
| m/F4vdHoaJsJeU+ZzKQ/2GI1/cEOs+lPoasnzebn3v+d2Qz8IHgk7WLpL+ok | ||||
| Bruk7R9PD+2zcTDukU79Str0RWimMpvD4XgmBpLMpgfrGHbJ1I5oYQCTHfv4 | ||||
| ta9gFmLzWlzNbEaw8KZ2t3+pbJeqt8YJijPjdiM8AWBDN+2WCw6Fco92KLfn | ||||
| 42hPKteb/N8p94id4fh4vE25nre/oVxoZgQFUGCYDsBAMOiLQdf+NBKDEf7D | ||||
| TyCxedm2Uu6gR2sGn9dNrz+wqhFwGq/r9T1SSe/4yBvBDbue08Y2XYimLga9 | ||||
| mi6GIz7nYOCCIp14yKJQxwPhsxTAthDnnjeg03/1SBf+mFZLWn1E4UiyrRXi | ||||
| q5v4IKCVWcPE+3+7iQ9+solTMvxfsfB3ctREAAA= | ||||
| </rfc> | </rfc> | |||
| End of changes. 67 change blocks. | ||||
| 536 lines changed or deleted | 254 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||