Dear Brian, Broken on the internet does not mean broken on limited domains, as can be seen by active IPv6 option development. And broken on the internet seems to be mainly due to network providers (and implementations?) not wanting to be standards compliant (for various reasons, but not for reasons of standards compliance). And yes, there are the security concerns for the older IP options, but security can be addressed for new option proposals, or (partially) ignored for limited domain use.
>> I strongly oppose to closing the IPv4 options registry without alternative >> means of providing similar features on the network layer level (IP protocol). >> As you know there have been several I-Ds the last years requesting IPv4 >> option numbers, that were refuted/demoted “because IPv4 options are not an >> option”. > > They weren't an option in 2005, as the reference shows, and they weren't an > option in 1994 on the only occasion that I proposed one. The Internet has > been opaque to IPv4 options for more than 30 years and that isn't going to > change. I read RFC 6274 differently. It says a few important things about the IP option implementations: 1. IP systems are required to ignore options they do not implement. --> This can only be done fully appropriately when all options (except 0 and 1) are Case 2: type + length, alternatively processing is stopped when encountering the first unknown option, which is always possible. --> This also means that the internet is supposed to be be transparent to IP options, and that this is not a security issue. 2. All current and future options except End of Option List (Type = 0) and No Operation (Type = 1), are of Class 2. --> this is problematic, while limiting the number space unnecessarily IMHO. 3. This format allows for the creation of new options for the extension of the Internet Protocol (IP) and their transparent treatment on intermediate-systems that do not "understand" them, under direction of the first three functional parts. Number 3 explicitly leaves open the creation of new IP options under certain conditions, so the reference explicitly *does* show they *are* an option. Best regards, Tjeerd P.S. also my employer would like to use IP options, or keep the possibility for new IP options open. _______________________________________________ Int-area mailing list -- [email protected] To unsubscribe send an email to [email protected]
