On 7/17/2014 3:03 PM, Fernando Gont wrote:
On 07/17/2014 02:11 PM, Joe Touch wrote:
On 7/16/2014 3:13 PM, C. M. Heard wrote:
Even if I don't agree with all of them, the filtering
recommendations in this draft do seem to be motivated by legitimate
operational concerns, not blanket paranoia.
They need to be characterized as what they are:
- an attempt to accommodate devices that are NOT IPv6-compliant
I'd have a hard time coming up with a vendor/device that can process
IPv6 packets with HBH header with the same performance as regular
packets. So.. are you suggesting that we start claiming that "we
currently do not know of any ipv6-compliant routers", or what? (fwiw, I
expect you are not)
If we are, then it's time to adjust RFC2460.
IMO, we ought to:
- define the features/capabilities we think are necessary
- require that anything that doesn't support what's necessary
as non-compliant
Otherwise, you're just un-doing all the work that goes into the
standards process in the first place. All because you think that
anything you don't expect is an attack. It isn't. It just means you're
not prepared.
Joe
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec