On Sat, Nov 24, 2018 at 12:30 PM Nick Hilliard <[email protected]> wrote: > Brian E Carpenter wrote on 24/11/2018 20:17: > > Operators make their own > > decisions, so I think that is what the draft should say. Something like: > > > > 3.5.5. Advice > > > > Operators should determine according to their own circumstances > > whether to discard packets containing unknown IPv6 EHs. > > > > And at the same time, delete the 2nd and 3rd sentences of this: > > > > 3.5.3. Specific Security Implications > > > > For obvious reasons, it is impossible to determine specific security > > implications of unknown IPv6 EHs. However, from security standpoint, > > a device should discard IPv6 extension headers for which the security > > implications cannot be determined. We note that this policy is > > allowed by [RFC7045]. > > This looks like a sensible approach.
I could live with that. Similar changes might be considered for Sec. 4.4.5. Mike Heard _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
