-----Original Message----- From: Tom Herbert <[email protected]> > It's more than a preference to have host security, it is an absolute > requirement that each host provides security for its applications and users. > This requirement applies to SmartTVs, SmartPhones, home computers, and pretty > much all the several billion end user devices connected to the Internet. No > host device would ever assume that the network consistently provides any > adequate level of security, for real security we need to assume that the host > is the first and last line of defense (i.e. zero trust model).
I could not agree more, Tom. So, as Fernando and others have said, the impulse is to block everything coming in from the Internet that you figure you don't need **right now**. Such as weird complicated header extensions. The ISP has its own concerns, to protect its network, but I, in my enterprise or household, have different concerns. I'm not going to trust the ISP's security mechanisms to provide my own security needs. Honestly don’t see how IPv6 is going to change that. Over time, perhaps, some specific extensions used out in the wild will be seen as crucially important to my enterprise or household, and maybe those will not be blocked. But "trust me, you must accept all these EHs"? More likely, those potential innovations will go unused and maybe will eventually be implemented in a different way. Security evolved as it did, over IPv4, for a reason, methinks. Bert _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
