Brian E Carpenter wrote on 24/11/2018 20:17:
> Operators make their own
> decisions, so I think that is what the draft should say. Something like:
>
> 3.5.5.  Advice
>
>     Operators should determine according to their own circumstances
>     whether to discard packets containing unknown IPv6 EHs.
>
> And at the same time, delete the 2nd and 3rd sentences of this:
>
> 3.5.3.  Specific Security Implications
>
>     For obvious reasons, it is impossible to determine specific security
>     implications of unknown IPv6 EHs.  However, from security standpoint,
>     a device should discard IPv6 extension headers for which the security
>     implications cannot be determined.  We note that this policy is
>     allowed by [RFC7045].

This looks like a sensible approach.

> I don't expect these changes to have much impact in the real world,
> however.

Indeed. The real world is more complex than can be easily encapsulated in a draft like this, and it changes more quickly than rfcs.

Nick

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
