Re: [OPSEC] Robert Wilton's No Objection on draft-ietf-opsec-ipv6-eh-filtering-08: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Wed, 14 July 2021 14:30 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>, The IESG <iesg@ietf.org>
CC: "opsec@ietf.org" <opsec@ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "draft-ietf-opsec-ipv6-eh-filtering@ietf.org" <draft-ietf-opsec-ipv6-eh-filtering@ietf.org>
Date: Wed, 14 Jul 2021 14:30:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/rbYjSuhdEFA4j9XhtfLe0TnKd3g>

Replying with my IPv6 + shepherd hats.

Indeed, I fail to understand why *transit* SPs are dropping EH (as opposed to final destination router/firewall, which should drop some EH).

I sincerely hope that this document will rather 'open the gate' as some EH are recommended to go through.

-éric
-----Original Message-----
From: iesg <iesg-bounces@ietf.org> on behalf of Robert Wilton via Datatracker <noreply@ietf.org>
Reply-To: "Rob Wilton (rwilton)" <rwilton@cisco.com>
Date: Wednesday, 14 July 2021 at 16:21
To: The IESG <iesg@ietf.org>
Cc: "opsec@ietf.org" <opsec@ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, Eric Vyncke <evyncke@cisco.com>, "draft-ietf-opsec-ipv6-eh-filtering@ietf.org" <draft-ietf-opsec-ipv6-eh-filtering@ietf.org>
Subject: Robert Wilton's No Objection on draft-ietf-opsec-ipv6-eh-filtering-08: (with COMMENT)

    Robert Wilton has entered the following ballot position for
    draft-ietf-opsec-ipv6-eh-filtering-08: No Objection

    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)


    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about DISCUSS and COMMENT positions.


    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-eh-filtering/



    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------

    Hi,

    Thanks for this document, it is useful to try and tame how SPs are filtering
    IPv6 extension headers.

    However, I did find some of this document somewhat surprising in the context of
    RFC 8200, and this is perhaps just my naivety on how it is actually deployed:

    My reading on RFC 8200 extension headers can be summarized as:
     - Hop by hop options default to being off unless you enable them.
     - Other extension headers only have relevance once the packet reaches the
     destination node, and hence I would have thought that all transit nodes should
     by default just ignore them.

    Given that this document is specifically only for transit nodes where the
    packets are not destined to them, I was expecting a summary along the lines of:
     - Ignore hop by hop options unless the protocols in the transmit domain are
     making use of them.
     - Allow, and ignore, all other extension headers.  Maybe
     filter RH types 0 and 1 because they should not be used, but even this
     processing could be left until the destination node.

    My slight fear with the current draft is that it makes this all seem very
    complicated and protocol specific which possibly might encourage ISPs to just
    drop all packets using EHs.

    Regards,
    Rob
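
The transit policy sketched in the quoted comment (allow and ignore every extension header, at most filtering Routing Header types 0 and 1), as an added Python example; it is not code from the draft or from either writer. The function names and sample packets are constructed here, and forwarding a truncated chain unexamined is an assumption.

```python
import struct

# Extension headers with the generic layout: Next Header, Hdr Ext Len (8-octet units, minus 1)
GENERIC_EH = {0: "HBH", 43: "RH", 60: "DOPT", 135: "MH", 139: "HIP", 140: "SHIM6"}
FRAGMENT, AH, ROUTING = 44, 51, 43
FILTERED_RH_TYPES = {0, 1}  # the only candidates for filtering in the quoted summary

def walk_chain(pkt: bytes):
    """Yield (protocol number, header bytes) for each extension header of a raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off = pkt[6], 40
    while nh in GENERIC_EH or nh in (FRAGMENT, AH):
        if off + 8 > len(pkt):
            return  # truncated chain: nothing more to inspect (assumption: forward it)
        if nh == FRAGMENT:
            length = 8
        else:  # AH counts 4-octet units minus 2; the others count 8-octet units minus 1
            length = (pkt[off + 1] + 2) * 4 if nh == AH else (pkt[off + 1] + 1) * 8
        hdr = pkt[off:off + length]
        if len(hdr) < length:
            return
        yield nh, hdr
        if nh == FRAGMENT and struct.unpack("!H", hdr[2:4])[0] >> 3:
            return  # non-first fragment: what follows is payload, not headers
        nh, off = hdr[0], off + length

def transit_verdict(pkt: bytes) -> str:
    """'drop' only for Routing Header types 0 and 1; every other EH is forwarded as-is."""
    for proto, hdr in walk_chain(pkt):
        if proto == ROUTING and hdr[2] in FILTERED_RH_TYPES:  # hdr[2] is the Routing Type
            return "drop"
    return "permit"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet using documentation addresses (2001:db8::/32)."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

UDP = bytes(8)                                      # constructed: empty UDP header as upper layer
HBH_PADN = bytes([17, 0, 1, 4, 0, 0, 0, 0])         # Hop-by-Hop with one PadN option, then UDP
RH0 = bytes([17, 2, 0, 1, 0, 0, 0, 0]) + bytes(16)  # Routing Header type 0, one address
SRH = bytes([17, 2, 4, 0, 0, 0, 0, 0]) + bytes(16)  # Routing Header type 4, one segment
DOPT_THEN_RH0 = bytes([43, 0, 1, 4, 0, 0, 0, 0]) + RH0

if __name__ == "__main__":
    for nh, body in [(0, HBH_PADN), (43, RH0), (43, SRH), (60, DOPT_THEN_RH0)]:
        print(nh, transit_verdict(ipv6(nh, body + UDP)))
```

Note that even this minimal policy requires the transit node to walk the whole chain, since a type 0 Routing Header can sit behind other extension headers.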