Defending against Sequence Number Attacks
RFC 6528

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    tcpm mailing list <tcpm@ietf.org>,
    tcpm chair <tcpm-chairs@tools.ietf.org>
Subject: Protocol Action: 'Defending Against Sequence Number Attacks' to Proposed Standard (draft-ietf-tcpm-rfc1948bis-02.txt)

The IESG has approved the following document:
- 'Defending Against Sequence Number Attacks'
  (draft-ietf-tcpm-rfc1948bis-02.txt) as a Proposed Standard

This document is the product of the TCP Maintenance and Minor Extensions
Working Group.

The IESG contact persons are Wesley Eddy and David Harrington.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-tcpm-rfc1948bis/


Technical Summary

This document specifies an algorithm for the generation of TCP
Initial Sequence Numbers (ISNs), such that the chances of an off-path
attacker guessing the sequence numbers in use by a target connection
are reduced.  This document revises (and formally obsoletes) RFC
1948, and takes the ISN generation algorithm originally proposed in
that document to Standards Track.


Working Group Summary

Nothing exceptional occurred during the working group process for this
document.


Document Quality

The algorithm described in this document is widely used, and has
been for a number of years.

This document is aimed at decreasing the predictability of the
TCP ISN, to reduce the probability that an off-path attacker can
guess the ISN, which would allow it to compromise the TCP connection.
It does not change how TCP operates, just how the implementation
chooses the ISN for each connection. 

Personnel

David Borman (david.borman@windriver.com) is the document shepherd.
He has personally reviewed this version and believes it is ready for
forwarding to the IESG for publication.  Wesley Eddy is the responsible
Area Director.