On 06/06/2013 16:23, Nalini Elkins wrote: > Brian, > > Two questions: > > First: > >>> Some tricky and potentially malicious cases will be >>> avoided by forbidding >>> very long chains of extension headers that need to be >>> fragmented [I-D.ietf-6man-oversized-header-chain]. > > I wonder if this is the place to define "very long"?
I guess those two words can be deleted - the issue is only that the header chain gets fragmented at all. The full discussion is in the cited draft, of course. > > Second: > > Are there other RFCs which have rules for what "middle boxes" > will do? I am not referring to translation techniques such > as SIIT, etc. which is implemented in some load balancers. I > guess I am wondering more about if there is a precedent for > regulating what packets firewalls will and will not forward. The IETF hasn't done much about firewalls at all. This search produces far more expired drafts than anything else: https://datatracker.ietf.org/doc/search/?name=firewalls&rfcs=on&activeDrafts=on&oldDrafts=on&search_submit= Brian > > BTW, thanks so much for doing this! > > > Thanks, > > > Nalini Elkins Inside Products, Inc. (831) 659-8360 > www.insidethestack.com -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
