On 10/06/2012 03:49 PM, Brian E Carpenter wrote: >> o Filter specific extension headers, where possible > > Please consider citing draft-carpenter-6man-ext-transmit, which discusses > what firewalls need to do about extension headers.
Wasn't aware about this I-D: 1) What's the plan for it? 2) It should probably reference draft-ietf-6man-oversized-header-chain, since it means that you can safely drop first-fragments that fail to include the entire IPv6 header chain. Cheers, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
