Tom,

>> Unless the application had a particular use for an extension header I would
>> not implement it.
>
> So you only run one application in your network? :-) Even if you
> polled every user in the network about every application they're
> running and found they don't currently use a certain protocol, what
> happens the next day when one of your customers wants to use the
> banned protocol?

The customer is the application. My case is where the application and load-balancer are tightly coupled.

The point I was trying to make is that applications are built out of quite complex building blocks. And I don't think you have made a strong case for why those building blocks should support passing EHs transparently to an application that doesn't use them. To the extent that you can actually define where the application endpoint starts/ends. If we were to build an application that had some use for an EH, then we'd just build that into the app. Everything that has an IP address isn't going to be a full-fledged, fully generic host stack.

But unless this moves away from being hypothetic...

O.

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec