On 14-Jun-2007, at 17:09, Thomas Narten wrote:

I'm slightly concerned that such advice flies in the face of
conventional advice given to those constructing firewall policy. It
is normal practice, I believe, for end-site firewall policy to be
deployed based on denying everything by default, and only permitting
those packets which are known to correspond to traffic which ought to
be permitted. I believe it is generally considered to be good advice
to block all "future technology" by default, and to permit it only
once the implications of doing so are well-known.

Understood. So maybe we should just go ahead and deprecate all routing
headers now? Why bother complicating implementations, if in practice,
no one will be able to enable/use such features because there is no
way to get firewall configs updated?

I think you are missing my point.


Joe


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
