Removing the HbH header should not be necessary once the new RPI code point is in use, if it is possible to prevail on draft-ietf-opsec-ipv6-eh-filtering to give the right advice and to prevail upon operators to follow said advice.
The advice now in draft-ietf-opsec-ipv6-eh-filtering is just plain wrong for 0x23 (or whatever new code point is chosen), since the explicit intent of useofrplino is to allow packets leaving the RPL domain to be processed normally by RPL-unaware nodes without stripping the option. That after all was the whole point of changing to a code point that allows nodes that don't recognize it to ignore it. --cmh On Tue, Nov 28, 2017 at 8:00 AM, Pascal Thubert (pthubert) < [email protected]> wrote: > Hello Michael: > > Clarifiation would be that dropping 0x63 is OK but dropping 0x23 or > whatever it is that IANA assigns (as Brian said) for us is not. > It would be simpler that we just remove the HbH Hdr at the egress of the > RPL network systematically; this overrides a rule in RFC 8200 but still > makes sense in the particular case. > > Cheers, > > Pascal > -----Original Message----- > From: Michael Richardson [mailto:[email protected]] > Sent: mardi 28 novembre 2017 16:44 > To: C. M. Heard <[email protected]> > Cc: OPSEC <[email protected]>; Ines Robles <[email protected]>; > Pascal Thubert (pthubert) <[email protected]> > Subject: Re: Filtering advice for RPI option in draft-ietf-opsec-ipv6-eh- > filtering-04 > > > C. M. Heard <[email protected]> wrote: > > It seems to me that the option description and filtering advice given > > in > > https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh- > filtering-04#section-4.3.4 > > a) it only coverts 0x63, and we are changing to 0x23. > b) yes, the advice to drop is not good. > > I'm unclear from a quick read if this the black-list advice, or the > white-list advice. > > > -- > Michael Richardson <[email protected]>, Sandelman Software Works -= > IPv6 IoT consulting =- > > > >
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
