On Dec 4, 2018, at 8:11 PM, Christopher Morrow <[email protected]> wrote:
>> That works only for HBH options of type 00. Others require particular
>> actions when not supported.
>>
>
> can you expand on this some?
Nobody deprecated the flags that require HBH options to be processed or dropped
if not supported.
And if there is a security risk to the control plane, it is using that place
for slow path processing without properly limiting its use of shared resources.
This idea that packets processed as intended are a security risk is like saying
big packets are a security risk to small packets. It may be a bad design but it
doesn’t mean such packets are inherently a security risk.
Joe
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
