On Fri, May 26, 2023 at 2:13 AM Ole Troan <[email protected]> wrote:
>
> > A well-implemented host will not be troubled by unknown extension headers or
> > options.
> >
> > Indeed. However, not all hosts are well-implemented.
>
> “Not be troubled by” == “drop”?
> I don’t agree that a well-implemented host and application should blindly
> accept any and all extension headers.

Ole,

Right, that's why RFC8504 and 6man-eh-limits allow hosts to set various limits on extension headers in packets-- if a host limit is exceeded then the packet is discarded. 6man-eh-limits also allows intermediate devices to have similar limits and if those limits are exceeded then any items beyond the limit are forwarded and that is *not* a reason to discard packets.

> If my application cannot use those extension headers why do you send them to
> me?
> If they are purely for the use in the network, then again why do you expose
> them to the application?
>
> If you can give some practical examples where it’s beneficial to “process”
> unknown extension headers by hosts/applications, then this may be a little
> easier to reason over.

Segment routing where the final destination is a VM.

Tom

>
> O.
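
The host-versus-intermediate behaviour described in the message above, as an added example that is not part of the original message or of RFC8504 / 6man-eh-limits text. It assumes a single limit on the number of extension headers; the limit values, the function names and the sample packet are constructed for illustration.

```python
import struct

# Extension header types walked here (AH/ESP are left out of this sketch).
HBH, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
EXT_TYPES = {HBH, ROUTING, FRAGMENT, DEST_OPTS}

def walk_ext_headers(packet):
    """Return ([(type, length_in_bytes), ...], upper_layer_protocol)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], 40, []
    while nxt in EXT_TYPES:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Fragment header is a fixed 8 bytes; the others carry Hdr Ext Len
        # in 8-octet units, not counting the first 8 octets.
        size = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + size > len(packet):
            raise ValueError("truncated extension header")
        chain.append((nxt, size))
        nxt, off = packet[off], off + size
    return chain, nxt

def apply_limit(packet, max_headers, role):
    """role is 'host' or 'intermediate'. Returns (verdict, headers_processed)."""
    chain, _ = walk_ext_headers(packet)
    if len(chain) <= max_headers:
        return ("accept" if role == "host" else "forward", len(chain))
    if role == "host":
        return ("discard", 0)        # host limit exceeded: packet is discarded
    return ("forward", max_headers)  # intermediate: excess is skipped, packet still forwarded

def build_packet(ext_types, upper=17):
    """Constructed sample: IPv6 header plus minimal 8-byte extension headers."""
    order = list(ext_types) + [upper]
    # Each header: next header, Hdr Ext Len 0, then a 6-byte PadN option.
    exts = b"".join(bytes([order[i + 1], 0, 1, 4, 0, 0, 0, 0])
                    for i in range(len(ext_types)))
    hdr = struct.pack("!IHBB", 6 << 28, len(exts), order[0], 64) + bytes(32)
    return hdr + exts
```
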
