The reality is that standards are not followed, agreed. That does not imply 
that we need to relax those standards - instead, it can be reason to fix broken 
devices. 

Working at the level of the most broken device is no way to run a production 
Internet.

And claiming that doing so is appropriate for security reasons is just as 
broken, as it always has been.

Joe

> On Nov 24, 2018, at 5:13 PM, Fernando Gont <[email protected]> wrote:
> 
> Joe,
> 
>> On 24/11/18 17:59, Joe Touch wrote:
>> The problem is operators using this advice as if it were BCP - and later 
>> docs treating the suggestions as recommended advice. 
>> 
>> This treats everything unknown as an attack (a disease I’ve noted in many 
>> similar docs for years), where it should also consider that doing so is 
>> *itself* an attack on the very flexibility we design in as standard. 
> 
> This is the reality: RFC7872.
> 
> We should consider claiming victory if somehow people were to follow the
> advice in this draft.
> 
> This is what happens in the operations camp:
> https://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-packet-drops-03-
> 
> Ironically, the possible harm you apparently see behind this document
> is, from an operations-reality pov, kind of a very idealistic take. --
> the situation right now is that you cannot use EHs reliably on the
> Internet. If you even expect non-standardized EHs to go through,
> then, while nice, that expectation really needs a reality-check.
> 
> Thanks,
> -- 
> Fernando Gont
> SI6 Networks
> e-mail: [email protected]
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> 
> 
> 
> 

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
