On Jun 14, 2007, at 18:27, Thomas Narten wrote:
I understand that the default security policy/config is "just say no".
But if we accept that, in this case, then I think the implication
really is we might as well toss out the routing header entirely.
[...]
We already did accept that as the Best Current Practice for
residential IPv6 gateways, c.f. the discussion in the V6OPS working
group over what eventually went on to become RFC 4864, and which led
to the formation of the V6CPE Design Team mailing list where I am
editing a draft that will elaborate on the recommendation for the
default security policy/config in residential IPv6 gateways that it
essentially should be "just say no."
I'm not sure I see a good argument for tossing out the routing header
entirely. At the moment, our draft recommends only blocking RH0. It
does not recommend blocking all routing headers. Those participants
with reasonable arguments for recommending that all routing headers
be blocked should present them.
--
james woodyatt <[EMAIL PROTECTED]>
member of technical staff, communications engineering
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------