Fernando, As I said in Paris, very useful I-D which is really important for stateless firewalls (read switch ACL).
Two minor comments: - section 2.0 I would also explicitly add ICMP in addition to UDP & TCP (as ICMP is not really an upper-layer protocol as it is the control engine of the network layer) - not sure whether an upper-layer header could strictly be part on the IPv6 extension header chain (at least not per RFC 2460) Even as the I-D is, it is ready for WGLC IMHO -éric > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > [email protected] > Sent: lundi 16 juillet 2012 23:39 > To: [email protected] > Cc: [email protected] > Subject: I-D Action: draft-ietf-6man-oversized-header-chain-01.txt > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the IPv6 Maintenance Working Group of the > IETF. > > Title : Security and Interoperability Implications of > Oversized IPv6 Header Chains > Author(s) : Fernando Gont > Vishwas Manral > Filename : draft-ietf-6man-oversized-header-chain-01.txt > Pages : 13 > Date : 2012-07-16 > > Abstract: > The IPv6 specification allows IPv6 header chains of an arbitrary > size. The specification also allows options which can in turn extend > each of the headers. In those scenarios in which the IPv6 header > chain or options are unusually long and packets are fragmented, or > scenarios in which the fragment size is very small, the first > fragment of a packet may fail to include the entire IPv6 header > chain. This document discusses the interoperability and security > problems of such traffic, and updates RFC 2460 such that the first > fragment of a packet is required to contain the entire IPv6 header > chain. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-6man-oversized-header-chain > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-6man-oversized-header-chain-01 > > A diff from previous version is available at: > http://tools.ietf.org/rfcdiff?url2=draft-ietf-6man-oversized-header-chain-01 > > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
