The IESG has received a request from the Operational Security Capabilities for IP Network Infrastructure WG (opsec) to consider the following document: - 'Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers' <draft-ietf-opsec-ipv6-eh-filtering-06.txt> as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2018-12-03. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Note: The WGLC was sent to OpSec, 6MAN and V6OPS to get wider review: https://mailarchive.ietf.org/arch/msg/v6ops/MvzKKTYCDtWVtlIGxb6OfQlUats Abstract It is common operator practice to mitigate security risks by enforcing appropriate packet filtering. This document analyzes both the general security implications of IPv6 Extension Headers and the specific security implications of each Extension Header and Option type. Additionally, it discusses the operational and interoperability implications of discarding packets based on the IPv6 Extension Headers and IPv6 options they contain. Finally, it provides advice on the filtering of such IPv6 packets at transit routers for traffic *not* directed to them, for those cases in which such filtering is deemed as necessary. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-eh-filtering/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-eh-filtering/ballot/ No IPR declarations have been submitted directly on this I-D.
