On Fri, Jul 18, 2014 at 12:21 AM, Fernando Gont <[email protected]> wrote: > On 07/17/2014 04:38 PM, Joe Touch wrote: >>>> >>>> They need to be characterized as what they are: >>>> >>>> - an attempt to accommodate devices that are NOT IPv6-compliant >>> >>> I'd have a hard time coming uup with a vendor/device that can process >>> IPv6 packets with HBH header with the same performance as regular >>> packets. So.. are you suggesting that we start claiming that "we >>> currently do not know of any ipv6-compliant routers", or what? (fwiw, I >>> expect you are not) >> >> If we are, then it's time to adjust RFC2460. > > I disagree. Operational policy != protocol specification. Actually, the > IETF can do whatever it wants with the protocol specs, but not that much > with the operational stuff (other than providing *advice* -- because ops > folks can do whatever they want with their networks). > > >> IMO, we ought to: >> >> - define the features/capabilities we think are necessary >> >> - require that anything that doesn't support what's necessary >> as non-compliant >> >> Otherwise, you're just un-doing all the work that goes into the >> standards process in the first place. All because you think that >> anything you don't expect is an attack. It isn't. It just means you're >> not prepared. > > We seem to be in disagreement. If anything, anything that I don't want > is not an attack, but rather an unnecessary attack surface.
Related to this is http://tools.ietf.org/html/draft-taylor-v6ops-fragdrop-02 -- Why Operators Filter Fragments and What It Implies This expired, but I suspect we may need to revive it... W > But again, > please read the I-D... because it really doesn't follow that reasoning. > > Thanks, > -- > Fernando Gont > SI6 Networks > e-mail: [email protected] > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 > > > > > _______________________________________________ > OPSEC mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/opsec _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
