On 02/08/2015 04:03 AM, Ted Lemon wrote: > On Feb 7, 2015, at 10:37 PM, C. M. Heard <[email protected]> wrote: >> That is incorrect because extension headers and upper layer headers >> share a numbering space. Upper layer headers do NOT follow the >> format in RFC 6564. That makes it in UNSAFE to attempt to skip over >> an unknown next header value. > > I addressed that in my DISCUSS position. The fact that RA guard gives bad > advice is no reason for the bad advice to be repeated in this document.
The advice in RA-Guard in DHCPv6-shield is essentially 6man's advice on the topic: RFC7045. That's why we provide RFC7045 as a reference. If you don't like what the current version of the I-D says, you're not only disagreeing with it and with the "RA-Guard IMplementation advice" RFC, but also with the advice that 6man itself has produced on the topic (RFC7045). Thanks, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
