Defending against Sequence Number Attacks
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: RFC Editor <email@example.com>, tcpm mailing list <firstname.lastname@example.org>, tcpm chair <email@example.com>
Subject: Protocol Action: 'Defending Against Sequence Number Attacks' to Proposed Standard (draft-ietf-tcpm-rfc1948bis-02.txt)

The IESG has approved the following document:

- 'Defending Against Sequence Number Attacks' (draft-ietf-tcpm-rfc1948bis-02.txt) as a Proposed Standard

This document is the product of the TCP Maintenance and Minor Extensions Working Group.

The IESG contact persons are Wesley Eddy and David Harrington.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-tcpm-rfc1948bis/
Technical Summary

This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker guessing the sequence numbers in use by a target connection are reduced. This document revises (and formally obsoletes) RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track.

Working Group Summary

Nothing exceptional occurred during the working group process for this document.

Document Quality

The algorithm described in this document is widely used, and has been for a number of years. This document is aimed at decreasing the predictability of the TCP ISN, to reduce the probability that an off-path attacker can guess the ISN, which would allow it to compromise the TCP connection. It does not change how TCP operates, just how the implementation chooses the ISN for each connection.

Personnel

David Borman (firstname.lastname@example.org) is the document shepherd. He has personally reviewed this version and believes it is ready for forwarding to the IESG for publication. Wesley Eddy is the responsible Area Director.
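As an added illustration, not text from this announcement or from the draft itself, the RFC 1948 construction that the draft carries to Standards Track is ISN = M + F(localhost, localport, remotehost, remoteport, secret), where M is the 4-microsecond clock of RFC 793 and F is a secret-keyed function of the connection identifier. The Python below is an example of that scheme; its choice of HMAC-SHA256 for F (RFC 1948 used MD5) and the constructed addresses and key are assumptions of the example.

```python
"""Example RFC 1948-style TCP ISN generator: ISN = M + F(4-tuple, secret)."""
import hashlib
import hmac
import time
from typing import Optional

TICK_US = 4      # RFC 793 ISN clock: one increment every 4 microseconds
MOD = 1 << 32    # TCP sequence numbers are 32-bit


def clock_m(now_us: Optional[int] = None) -> int:
    """M: the monotonically increasing 32-bit 4-microsecond counter."""
    if now_us is None:
        now_us = time.monotonic_ns() // 1000
    return (now_us // TICK_US) % MOD


def f_offset(local_ip: str, local_port: int,
             remote_ip: str, remote_port: int, secret: bytes) -> int:
    """F: a fixed per-connection offset that an off-path observer cannot
    compute without the secret. HMAC-SHA256 truncated to 32 bits is this
    example's choice of keyed function (RFC 1948 used MD5 over the tuple
    and secret); the secret must be random and never leave the host."""
    conn_id = f"{local_ip}:{local_port}|{remote_ip}:{remote_port}".encode()
    digest = hmac.new(secret, conn_id, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def isn(local_ip: str, local_port: int, remote_ip: str, remote_port: int,
        secret: bytes, now_us: Optional[int] = None) -> int:
    """Initial sequence number for one connection attempt (mod 2**32)."""
    return (clock_m(now_us) + f_offset(local_ip, local_port,
                                       remote_ip, remote_port, secret)) % MOD


def isn_delta(a: int, b: int) -> int:
    """Forward distance from ISN a to ISN b in the 32-bit sequence space."""
    return (b - a) % MOD


if __name__ == "__main__":
    # Constructed sample values: a host-local random secret and two peers.
    key = b"example-only-secret-generated-at-boot"
    same_peer = ("198.51.100.7", 40000, "192.0.2.10", 443, key)
    other_peer = ("198.51.100.7", 40000, "192.0.2.11", 443, key)
    first, later = isn(*same_peer, now_us=1_000), isn(*same_peer, now_us=1_004)
    # For one 4-tuple the ISN still advances with the clock (here by 1 tick),
    # so the sequence space keeps moving forward as RFC 793 requires ...
    print("advance on same 4-tuple:", isn_delta(first, later))
    # ... while a different peer gets an unrelated offset, so one observed
    # connection's ISN says nothing about another's.
    print("other peer's ISN:", isn(*other_peer, now_us=1_000))
```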