Joe, On 25/11/18 03:24, Joe Touch wrote: > The reality is that standards are not followed, agreed. That does not imply that we need to relax those standards - instead, it can be reason to fix broken devices. > > Working at the level of the most broken device is no way to run a production Internet. > > And claiming that doing so is appropriate for security reasons is just as broken, as it always has been. This document is a product of the opsec working group. As such, it talks about what you can do with what you have. Blaiming vendors, even if warranted, is not something that is going to change what an operator may do with these packets. If, e.g., what you want to is that vendors provide full (hardware) support for all EHs, then the way to go would probably be to have 6man publish a document saying that implementations without such support should not claim they support IPv6. In such case, I wonder how many of those "ipv6-enabled" boxes we'd have ... and then probably we'd decide that that would not be politically-convenient, and prefer to look elsewhere. What this doc tries to do is to analyze the possible effects of different types and options, and only advice to drop them when there is a clear reason to do so. If you go through all the types we discuss, you'll see that, for the vast majority, the advice is "pass it". -- Fernando Gont SI6 Networks e-mail: fgont@xxxxxxxxxxxxxxx PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492