On 10/02/2015 08:23, Ted Lemon wrote:
> On Feb 9, 2015, at 1:16 PM, Fernando Gont <[email protected]> wrote:
>> 1) Let us assume that either a new EH that doesn't follow RFC6564 is
>> specified (since, as noted, RFC6564 doesn't buy you anything), or that
>> the proposal in draft-gont-6man-rfc6564bis-00 gets standardized, and
>> hence new EHs follow the EH format in that document.
>
> Come on, Fernando, this is ridiculous. RFC 6564 is normative. We should
> not expect new EHs to be standardized that do not conform with RFC 6564.

Fair enough. But let's just say that DHCPv6 Shield sees a Next Header
value of 253. How does it know where to look for a potential UDP header
with port 546?

If you don't like 253 as an example, how about 143, or any other value
that isn't listed at
http://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#extension-header

I simply don't believe that any security product designer will do
anything except give up and discard the packet.

Don't we want RFCs to live in the real world?

   Brian

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
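
The parsing problem raised in the message above, as an added example that is not part of the original thread or of any DHCPv6 Shield implementation: a minimal IPv6 header-chain walker that looks for a UDP header with destination port 546 and shows where an unrecognized Next Header value (253 and 143 are the values used in the message) stops it. The function names, verdict strings and fail-closed policy are assumptions, and the sample packets are constructed.

```python
import struct

# Constructed example: names, verdict strings and policy are assumptions.
GENERIC_EH = {0, 43, 60}      # Hop-by-Hop, Routing, Destination Options
FRAGMENT, UDP = 44, 17
OTHER_UPPER = {6, 58, 59}     # TCP, ICMPv6, No Next Header
DHCPV6_CLIENT_PORT = 546

def classify(pkt: bytes, max_ehs: int = 8) -> str:
    """Walk the IPv6 header chain of a packet seen on a client-facing port."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "drop: malformed"
    nh, off = pkt[6], 40
    for _ in range(max_ehs + 1):
        if nh == UDP:
            if len(pkt) < off + 8:
                return "drop: truncated"
            (dport,) = struct.unpack_from("!H", pkt, off + 2)
            return "drop: dhcpv6-server" if dport == DHCPV6_CLIENT_PORT else "pass"
        if nh in OTHER_UPPER:
            return "pass"
        if nh in GENERIC_EH:
            if len(pkt) < off + 2:
                return "drop: truncated"
            # Hdr Ext Len counts 8-octet units, not including the first 8 octets.
            nh, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        elif nh == FRAGMENT:
            if len(pkt) < off + 8:
                return "drop: truncated"
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "pass"  # non-first fragment carries no upper-layer header (assumed policy)
            nh, off = pkt[off], off + 8
        else:
            # Unknown value: it may be an extension header or an upper-layer
            # protocol, so no length field can be trusted and the UDP header
            # cannot be located.
            return f"drop: unknown next header {nh}"
    return "drop: header chain too long"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a minimal IPv6 header (zeroed addresses) in front of payload."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload

def dest_opts(next_header: int) -> bytes:
    """8-octet Destination Options header holding a single PadN option."""
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])

udp_546 = struct.pack("!HHHH", 547, DHCPV6_CLIENT_PORT, 8, 0)  # constructed UDP header
```
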
