Brian E Carpenter wrote on 24/11/2018 20:17:
Operators make their own decisions, so I think that is what the draft should say. Something like:

3.5.5. Advice

Operators should determine according to their own circumstances whether to discard packets containing unknown IPv6 EHs.

And at the same time, delete the 2nd and 3rd sentences of this:

3.5.3. Specific Security Implications

For obvious reasons, it is impossible to determine specific security implications of unknown IPv6 EHs. However, from security standpoint, a device should discard IPv6 extension headers for which the security implications cannot be determined. We note that this policy is allowed by [RFC7045].
This looks like a sensible approach.
I don't expect these changes to have much impact in the real world, however.
Indeed. The real world is more complex than can be easily encapsulated in a draft like this, and it changes more quickly than RFCs.
Nick