Hi, David, On 18/5/23 02:14, David Farmer wrote:
On Wed, May 17, 2023 at 13:57 Tom Herbert <[email protected] <mailto:[email protected]>> wrote:
[...]
Maximum security is rarely the objective, I by no means have maximum security at my home. However, I don’t live in the country where some people still don’t even lock there doors. I live in a a city, I have decent deadbolt locks and I use them.
[....]
So, I’m not really happy with the all or nothing approach the two of you seem to be offering for IPv6 extension headers, is there something in between? If not, then maybe that is what we need to be working towards.
FWIW, I[m not arguing for a blank "block all", but rather "just allow the ones you really need" -- which is a no brainer. The list you need is, maybe Frag and, say, IPsec at the global level? (from the pov of most orgs).
(yeah... HbH and the like are mostly fine for the local link (e.g. MLD). Thanks, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
