On 06/11/2013 11:50 AM, Jared Mauch wrote: > > On Jun 11, 2013, at 12:23 AM, cb.list6 <[email protected]> wrote: > >> I believe Warren's data hints at the idea that the packets will vanish if >> they don't fit a very specific profile. > > Very likely… > > Anything beyond the ability of my device to filter poses a security risk.
That's why we're considering limiting the size of the IPv6 header chain. > Example from 2008 of operators turning off header processing: > > http://www.gossamer-threads.com/lists/nsp/juniper/15066 I only skimmed through the that thread... but it seems unlreated to this issue -- that thread seems to be about filtering RHT0, which has/had known security issues such as being useful for amplification attacks. Cheers, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
