John Kristoff <[EMAIL PROTECTED]> writes:

> I think you may be fearful that the use of reserved bits introduces
> a new security risk, because of something a system may do in response
> to the use of those new fields.  That is a very legitimate concern
> and a very real potential risk.  I guess in my view of the world, in
> practical terms, we're not likely to see an experimental protocol
> start getting widely deployed and then suddenly discover that we have
> a major security threat on our hands that we cannot easily fix before
> it brings the net to a complete halt.  At least not since the
> publication of RFC 793.  :-)

You must not remember how SunOS 4 responded when handed icmp echo
requests with the record-route option set (passed the packet on for
the next guy to enjoy and then promptly panicked).

A deny-all-permit-some firewall that passes through IP options which
are not explicitly needed for the operation of some specific end-node
would qualify for the "unclear on the concept" award.

                                        ---Rob
