RFC6346 reduces the space for TCP/UDP ports, which makes port-based attacks
against protocols easier, as was mentioned in RFC6056:
"It is also worth noting that, provided adequate algorithms are in
use, the larger the range from which ephemeral ports are selected,
the smaller the chances of an attacker are to guess the selected port
number."
The primary mitigation against the Kaminsky attack was port randomization, and
attacks against other protocols may also need such port randomization. If RFC6346
progresses to Proposed Standard, its impact on the size of the port space
should be noted in RFC6346bis's security considerations.
-d
On Dec 1, 2014, at 2:38 PM, The IESG <iesg-secretary(_at_)ietf(_dot_)org> wrote:
The IESG has received a request from an individual participant to make
the following status changes:
- RFC6346 from Experimental to Proposed Standard
(The Address plus Port (A+P) Approach to the IPv4 Address Shortage)
The supporting document for this request can be found here:
http://datatracker.ietf.org/doc/status-change-address-plus-port-to-proposed/
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2014-12-29. Exceptionally, comments
may be sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
The affected document can be obtained via
http://datatracker.ietf.org/doc/rfc6346/
IESG discussion of this request can be tracked via
http://datatracker.ietf.org/doc/status-change-address-plus-port-to-proposed/ballot/