On 24/11/18 17:37, C. M. Heard wrote: > On Sat, Nov 24, 2018 at 12:30 PM Nick Hilliard <[email protected]> wrote: >> Brian E Carpenter wrote on 24/11/2018 20:17: >>> Operators make their own >>> decisions, so I think that is what the draft should say. Something like: >>> >>> 3.5.5. Advice >>> >>> Operators should determine according to their own circumstances >>> whether to discard packets containing unknown IPv6 EHs. >>> >>> And at the same time, delete the 2nd and 3rd sentences of this: >>> >>> 3.5.3. Specific Security Implications >>> >>> For obvious reasons, it is impossible to determine specific security >>> implications of unknown IPv6 EHs. However, from security standpoint, >>> a device should discard IPv6 extension headers for which the security >>> implications cannot be determined. We note that this policy is >>> allowed by [RFC7045]. >> >> This looks like a sensible approach. > > I could live with that.
FWIW, I can live with that, too. UNless somebody screams against it, I will apply the proposed change to the next rev. Thanks! > Similar changes might be considered for Sec. 4.4.5. Will do. Thanks! -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
