Brian E Carpenter wrote:
> Hi,
>
> I haven't noticed a single comment on this version, so is it
> fair to assume everybody has read it and is in agreement? If so,
> we'll ask the WG Chairs to move it towards WGLC. If there are
> more comments, we still have time to update the draft before
> Berlin.
>
> Regards
> Brian Carpenter

I think this version still contains a large element of King Cnut commanding the tide to stop. End users have different perspectives: one will see a firewall as evil because it hinders innovation, whilst another will see a firewall as absolutely necessary because innovation leads to bugs and vulnerabilities in end nodes, which need to be protected until they are patched. I'm not sure the current text is entirely balanced in this respect.

I would also like to see some text on whether it is possible/desirable for a middleware box to strip unknown headers, or even some known headers, rather than making a binary decision to drop or transmit the entire packet. If (new) headers are truly optional or experimental, the residual stripped packet may still have value e.g. stripping hop by hop extension headers on entry to/egress from a corporate network or transit AS. That way the (new) extension headers could be usefully deployed in an AS that supports them, but the end to end traffic would not be blocked further along the path by firewalls in an AS that does not.

regards,
RayH
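
The two middlebox behaviours contrasted in the reply above (dropping the whole packet versus stripping the extension header and forwarding the rest), as an added Python example that is not part of the original thread or of the draft under discussion. The function names, the policy strings and the sample packet are assumptions made for illustration; the `strippable` parameter goes slightly beyond the reply by also allowing a leading Destination Options header to be removed.

```python
import struct

HOP_BY_HOP, DEST_OPTS, UDP = 0, 60, 17  # IANA protocol numbers
FIXED_LEN = 40                          # size of the IPv6 fixed header

def handle_packet(pkt, policy, strippable=(HOP_BY_HOP,)):
    """Return the bytes to forward, or None to drop (hypothetical helper).

    policy "drop":  discard a packet that leads with a header in `strippable`.
    policy "strip": remove those leading headers and forward the remainder.
    `strippable` may hold only headers that use the Hdr Ext Len layout
    (Hop-by-Hop, Destination Options); the walk stops at any other header.
    """
    if len(pkt) < FIXED_LEN or pkt[0] >> 4 != 6:
        return None                              # not IPv6
    payload_len = struct.unpack_from("!H", pkt, 4)[0]
    next_hdr, offset = pkt[6], FIXED_LEN
    end = FIXED_LEN + payload_len
    if end > len(pkt):
        return None                              # truncated packet
    while next_hdr in strippable:
        if policy == "drop":
            return None
        if offset + 2 > end:
            return None                          # header overruns payload
        ext_len = (pkt[offset + 1] + 1) * 8      # length in 8-octet units
        if offset + ext_len > end:
            return None
        next_hdr, offset = pkt[offset], offset + ext_len
    fixed = bytearray(pkt[:FIXED_LEN])
    # Rewrite Payload Length and Next Header so the remainder still parses.
    struct.pack_into("!H", fixed, 4, end - offset)
    fixed[6] = next_hdr
    return bytes(fixed) + pkt[offset:end]

def sample_packet(with_hbh):
    """Constructed sample: UDP datagram, optionally behind a Hop-by-Hop header."""
    udp = struct.pack("!HHHH", 5000, 5001, 12, 0) + b"ping"  # checksum left 0
    # Next Header=UDP, Hdr Ext Len=0, then one PadN option (type 1, length 4).
    hbh = bytes([UDP, 0, 1, 4, 0, 0, 0, 0]) if with_hbh else b""
    body = hbh + udp
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    first = HOP_BY_HOP if with_hbh else UDP
    return struct.pack("!IHBB", 6 << 28, len(body), first, 64) + src + dst + body

if __name__ == "__main__":
    pkt = sample_packet(with_hbh=True)
    print("drop :", handle_packet(pkt, "drop"))
    print("strip:", handle_packet(pkt, "strip").hex())
```

The upper-layer checksum does not need recomputing after the strip, because the IPv6 pseudo-header covers only the addresses, the upper-layer length and the upper-layer protocol number, not the extension headers.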
