This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices
- Previous message (by thread): [ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices
- Next message (by thread): [ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brian E Carpenter
brian.e.carpenter at gmail.com
Wed Jun 17 23:13:35 CEST 2015
Catching up on a few points in this thread that went crazy while I was sleeping... On 18/06/2015 02:00, Enno Rey wrote: ... > Yes, we're aware of RFC7112. It's just: no OS we know and no devices we're aware of (feel free to provide pointers) implement RFC 7112 as of today. No, it's too new. But I suggest that it gives you license to drop packets with fragmented header chains, and tell anyone who complains that they don't conform to the IPv6 standard. > but many attack tools implement the techniques mentioned above. Which is why quite some operators (in particular, but not only) from enterprise and managed service provider/cloud space drop all EHs except, maybe, AH+ESP. Whereas dropping *all* EHs breaks the IPv6 standard. On 18/06/2015 03:11, Ca By wrote: > For the folks looking for extension header innovation, would you be willing > to work on IP version X instead of IPv6? Or perhaps you can use the Class > E IPv4 space for your innovation? Now that's a polemic, not an argument. But since you ask: of course not. > Serious. IPv6 is not a place for innovation at the Network / Internet > layer. EHs as an extension mechanism are *not* innovation. They've been in the design for 20 years. I'm actually with Fred on this: it's time for the hardware designers to step up. With RFC 7112, we've told them that the maximum packet size they need to parse is 1280 (after removing tunneling overhead). Brian
- Previous message (by thread): [ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices
- Next message (by thread): [ipv6-wg] [v6ops] Extension Headers / Impact on Security Devices
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]