Hi, I believe we've already covered the topic quite thoroughly in RFC 9098.
But if you want yet another data point, FYI this is instance N++ of a DoS based on IPv6 EHs implementation flaws: https://www.interruptlabs.co.uk/articles/linux-ipv6-route-of-death
It should be no surprise what security-minded folks tend to do with IPv6 EHs, particularly when there's currently no much reliance on them these days.
Thanks, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
