Thanks Fernando, so to focus on your question: > My question is: do we want to do something different with HBH EH than > what we do with Router Alert in IPv4?
The problem with both of these great inventions is that a single box on the path that takes the "drop" option breaks everything, whereas "ignore" at least provides best effort service and protects against any specific attack on the middlebox. As far as the destination host goes, HbH can't be any more dangerous than a destination option. I personally don't care much in the IPv4 case, since router alert seems to be a dead duck anyway. It's possible that's going to be the case for HbH, but I think we should give it a chance. > FWIW, defaulting to "ignore" seems sensible to me. I agree, obviously. Regards Brian _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
