On 2018-12-05 17:32, Joe Touch wrote:
>
>
> On Dec 4, 2018, at 8:11 PM, Christopher Morrow <[email protected]
> <mailto:[email protected]>> wrote:
>
>> That works only for HBH options of type 00. Others require particular
>> actions when not supported.
>>
>>
>> can you expand on this some?
>
> Nobody deprecated the flags that require HBH options to be processed or
> dropped if not supported.
Intentionally. If a forwarding node is transparent to HbH options,
it is not looking at those flags. If it is looking at HbH options,
it will obey those flags. Why is that a problem?
Brian
>
> And if there is a security risk to the control plane, it is using that place
> for slow path processing without properly limiting its use of shared
> resources.
>
> This idea that packets processed as intended are a security risk is like
> saying big packets are a security risk to small packets. It may be a bad
> design but it doesn’t mean such packets are inherently a security risk.
>
> Joe
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
