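% Internet-Draft, revision 00 (2025-02-26), proposing a challenge-confirm
% mechanism for authenticating ICMPv6 error messages against off-path forgery.
% The note field marks it as a work in progress, not a published RFC; the url
% pins revision 00, so cite that exact revision.
% Title: only the acronym is brace-protected, so styles can still recase the rest.
% Authors: stored in "Last, First" form so name parsing is unambiguous.
@techreport{xu-intarea-challenge-icmpv6-00,
  author      = {Xu, Ke and Feng, Xuewei and Wang, Ao},
  title       = {Enhancing {ICMPv6} Error Message Authentication Using Challenge-Confirm Mechanism},
  type        = {Internet-Draft},
  number      = {draft-xu-intarea-challenge-icmpv6-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2025,
  month       = feb,
  day         = 26,
  pagetotal   = 14,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-xu-intarea-challenge-icmpv6/00/},
  abstract    = {As well as the Internet Control Message Protocol for IPv4 (ICMPv4), the Internet Control Message Protocol for IPv6 (ICMPv6) is significant for network diagnostics and error reporting. However, like ICMPv4, ICMPv6 is also vulnerable to off-path forgery, making it difficult for the receiver to verify the legitimacy of a received ICMPv6 error message, particularly when the message contains stateless protocol data (e.g., the message includes a UDP/ICMPv6 packet). Consequently, adversaries on the Internet can forge ICMPv6 error messages carrying stateless protocol data, leading the receiver to erroneously accept the forged message and respond to it. This document proposes enhancement to ICMPv6 by introducing a challenge-confirm mechanism that leverages random numbers embedded in the IPv6 Extension Headers. The enhancement aims to strengthen the authentication of ICMPv6 error messages, thereby mitigating the risks associated with forged messages and improving the overall robustness of the protocol.},
}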