The choices below don’t include declaring this a security risk and turning it off.
If you want to change the standard, do so. But this isn’t a step in that direction. And the previous attempts only show why IPv6 has adoption problems. The standard can still be changed, but regardless, this simply is not a security issue and shouldn’t be sold as one.

Joe

> On Dec 5, 2018, at 4:48 AM, Nick Hilliard <[email protected]> wrote:
>
> Joe Touch wrote on 05/12/2018 12:13:
>> Then THAT is the security issue. Not the packets that cause a broken
>> implementation to have problems.
>
> In this specific case:
>
> 1. the protocol definition states that HBH packets should be processed per
> intermediate node.
>
> 2. even small routers can now handle terabits of data plane throughput.
>
> What do we do?
>
> 1. declare that these routers should be able to process terabits of HBH
> packets (or experimental EHs because we don't know whether experimental EHs
> are required to be processed HBH or by end points only).
>
> 2. formally drop the requirement for intermediate routers to process HBH
> headers
>
> 3. build routers which will take some HBH headers at low packet rates and
> drop the rest (+ update rfcs to make this formally compliant).
>
> 4. something else.
>
> Nick

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
