This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ipv6-wg] Fwd: RFC 9288 on Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers
- Previous message (by thread): [ipv6-wg] New on RIPE Labs: Deploying IPv6-Mostly Access Networks
- Next message (by thread): [ipv6-wg] RFC 9288 on Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Fernando Gont
fgont at si6networks.com
Fri Aug 19 04:59:33 CEST 2022
Hi, FYI. RFC 9288, "Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers" (available at: https://www.rfc-editor.org/rfc/rfc9288) FWIW, IMO most of the value is in the analysis of what protocols/features use what EHs, and what would break (if anything) if packets with EHs are dropped. These other two are useful for context: * RFC 9098, "Operational Implications of IPv6 Packets with Extension Headers" (https://www.rfc-editor.org/rfc/rfc9098.html) * RFC 7872, "Observations on the Dropping of Packets with IPv6 Extension Headers in the Real World (https://www.rfc-editor.org/rfc/rfc7872.html). Thanks! Cheers, Fernando -------- Forwarded Message -------- Subject: RFC 9288 on Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers Date: Thu, 18 Aug 2022 16:21:47 -0700 (PDT) From: rfc-editor at rfc-editor.org To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org CC: rfc-editor at rfc-editor.org, drafts-update-ref at iana.org, opsec at ietf.org A new Request for Comments is now available in online RFC libraries. RFC 9288 Title: Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers Author: F. Gont, W. Liu Status: Informational Stream: IETF Date: August 2022 Mailbox: fgont at si6networks.com, liushucheng at huawei.com Pages: 33 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-opsec-ipv6-eh-filtering-10.txt URL: https://www.rfc-editor.org/info/rfc9288 DOI: 10.17487/RFC9288 This document analyzes the security implications of IPv6 Extension Headers and associated IPv6 options. Additionally, it discusses the operational and interoperability implications of discarding packets based on the IPv6 Extension Headers and IPv6 options they contain. Finally, it provides advice on the filtering of such IPv6 packets at transit routers for traffic not directed to them, for those cases where such filtering is deemed as necessary. This document is a product of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF. INFORMATIONAL: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor at rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC _______________________________________________ IETF-Announce mailing list IETF-Announce at ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce
- Previous message (by thread): [ipv6-wg] New on RIPE Labs: Deploying IPv6-Mostly Access Networks
- Next message (by thread): [ipv6-wg] RFC 9288 on Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]