Hi, Fernando
I guess it all depends on the TV? e.g., I for one I'm not planning to throw it out just because Sony decided to quit pushing updates (which were never automatic for my set).
I don't have a Sony TV, so I have a slightly different perspective.
The essence of the extension header issue is determined by the competition between operators and equipment vendors. For most internet users, they rely on the default configurations provided by the operators or equipment vendors. Operators always want devices from vendors that offer powerful features (e.g., in SRv6, equipment vendors aim to support as many layers of Segment Routing lists as possible). However, during actual deployment, only a portion of these features is used due to security concerns. Equipment vendors are motivated to innovate as they seek to outperform their competitors and gain profits in the market.
The extension headers in IPv6 provide a significant advantage beyond the address space of IPv4, enabling flexible and programmable network transmissions. Looking at the current applications of IPv6 extension headers, notable achievements have been made (such as SRv6). Perhaps it's time to consider reducing restrictions on extension headers and allow for more innovation and application.
Johnson Yu
---- Replied Message ----
| From | Fernando Gont<[email protected]> |
| Date | 5/25/2023 08:49 |
| To |
Brian E Carpenter<[email protected]>
, Andrew Campling<[email protected]> , Fernando Gont<[email protected]> |
| Cc |
IPv6 Operations<[email protected]>
, 6man<[email protected]> , [email protected]<[email protected]> |
| Subject | Re: [v6ops] [OPSEC] [IPv6] Why folks are blocking IPv6 extension headers? (Episode 1000 and counting) (Linux DoS) |
Hi, Brian,
On 23/5/23 00:41, Brian E Carpenter wrote:
[...]
Given the amount of things that get connected to the Net (smart bulbs,
refrigerators, etc.) -- and that will super-likely never receive
security updates, you may have to rely on your own network.
For instance, I wouldn't have my smart TV "defend itself".
Cheers,
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
_______________________________________________
v6ops mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/v6ops
ÿ
On 23/5/23 00:41, Brian E Carpenter wrote:
[...]
That depends where you choose to apply the zero trust model. As Steve
Bellovin argued many years ago in his distributed firewalls paper,
distributing the trust model to the end systems is best, because you no
longer have to trust any intermediate systems.
Given the amount of things that get connected to the Net (smart bulbs,
refrigerators, etc.) -- and that will super-likely never receive
security updates, you may have to rely on your own network.
For instance, I wouldn't have my smart TV "defend itself".
Cheers,
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
_______________________________________________
v6ops mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/v6ops
ÿ
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
