On 07/15/2014 09:36 PM, Joe Touch wrote: > > On 7/15/2014 5:08 PM, Brian E Carpenter wrote: >> The problem with both of these great inventions is that a single >> box on the path that takes the "drop" option breaks everything, >> whereas "ignore" at least provides best effort service and >> protects against any specific attack on the middlebox. >> As far as the destination host goes, HbH can't be any more >> dangerous than a destination option. > > IPv6 already indicates - inside the option type - what to do if an > option isn't supported. > > Why is honoring that set of flags not the only correct behavior?
Because, with the world as we know it, that ends up killing performance -- with the corresponding implications (DoS) in extreme cases. Cheers, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
