Joe,
The next to last sentence is a bit weak. Dropping all packets with
routing headers will flat-out break MIPv6. If routers/firewalls start
doing that, that would be very bad. From a standards perspecive, we
should clearly flag that as bad/non compliant.
If I understand your point, you are happy with the meaning of this
section but wish that it made its point more forcefully.
From other comments on previous revisions of this document, people
expressed concern over whether normative language had any place in
descriptions of operational practice (as opposed to protocol
implementation). As such it's not clear to me whether MUST NOTs in
this section would have any teeth.
I agree with Thomas that it is important to state this very
clearly. How about something like this:
Firewall policy intended to protect against packets containing RH0
must be constructed such that routing headers of other types
are not filtered by default. Doing so will break other uses of
the routing headers such as the Routing Header Type 2 used by
Mobile IPv6 [RFC3775] and future
functionality designed using other routing header types.
and something similar for the later text.
Comments?
Bob
How about replacing "hamper" with something stronger ("defeat"?
"break"?) If you have other suggestions for text, I would be happy
to see them.
Where filtering capabilities do not facilitate matching specific
types of Routing Headers, filtering based on the presence of any
Routing Headers on IPv6 routers, without explicitly checking the
Routing Header type, is strongly discouraged.
Again, this is too weak, IMO. "strongly discouraged" is not the same
as "don't do that". It should be clear that from a standards
perspective that that sort of filtering is non-compliant.
I wonder again about normative language being applied to
operational practices, and would appreciate enlightenment.
How about adding a sentence which is a little more blunt, along the
lines of "filtering routing headers indiscriminately, without
regard to type, will seriously impair future extensions of the IPv6
protocol which make use of Routing Headers"? Other suggestions?
8.1. Normative References
[RFC4294] Loughney, J., "IPv6 Node Requirements", RFC 4294,
April 2006.
Shouldn't this reference be informative?
The document states that it update RFC4294 in section 1, so I
presumed that reference needed to be normative.
Joe
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
