On Feb 9, 2015, at 6:48 PM, Fernando Gont <[email protected]> wrote:
> You're essentially proposing a hack to fix a known protocol design flaw,
> instead of accepting the flaw, and allow DHCPv6-shield to comply with
> the existing specifications/requirements (RFC7045).

How is this a hack? It correctly identifies all DHCPv6 packets. The solution I've proposed is completely in compliance with RFC 7045. If you want to argue that a solution is wrong, you should say what is wrong with it, not refer to it as a "hack" as if merely by calling it a "hack," you have somehow shown that it is not a good solution.

> -- all this under the assumption that RFC6564 gets deployed. In which
> case you're essentially declaring "game over" for any new transport
> protocol.

Er, no, the point of this is to _not_ break new transport protocols. RFC 7045 does not deprecate RFC 6564. If you want to deprecate RFC 6564, please go do the work in the appropriate venue. It's my understanding, however, that you already tried this, and did not get consensus to even adopt your proposal as a working group work item.

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
