Joe Touch wrote on 05/12/2018 12:13:
Then THAT is the security issue.. Not the packets that cause a broken
implementation to have problems.
In this specific case:
1. the protocol definition states that HBH packets should be processed
per intermediate node.
2. even small routers can now handle terabits of data plane throughput.
What do we do?
1. declare that these routers should be able to process terabits of HBH
packets (or experimental EHs because we don't know whether experimental
EHs are required to be processed HBH or by end points only).
2. formally drop the requirement for intermediate routers to process HBH
headers
3. build routers which will take some HBH headers at low packet rates
and drop the rest (+ update rfcs to make this formally compliant).
4. something else.
Nick
