Fernando,

>>
>> That is, help middleboxes to violate e2e transparency and, furthermore,
>> allow unknown headers to cross those middleboxes.
>
> I don't think this I-D will make a difference.
>
> From the POV of a firewall, unless it really wants a packet to
> pass through, it will block it.
>
> So, whether the Extension Header is unknown, or whether
> draft-ietf-6man-exthdr-01.txt is implemented and the Specific type is
> unknown will lead to the same result: the packet will be discarded.

This is incorrect - The draft clearly says that if the Hdr Options is
00, then the packet will skip over this option and continue with the
remaining packet.

Kam

>
> This proposal would only be useful to firewalls that implement a
> "default allow", and that simply want to somehow ignore an unknown
> extension header and base their decision on the upper-layer protocol
> (only). -- But we all know that firewalls operate (or should operate) in
> "default deny" rather than "default allow".
>
> So IMHO this proposal won't be useful for such firewalls.
>
> Thanks,
> --
> Fernando Gont
> e-mail: ferna...@gont.com.ar || fg...@acm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>