John Kristoff <[EMAIL PROTECTED]> writes:
> I think you may be fearful that the use of reserved bits introduces
> a new security risk, because of something a system may do in response
> to the use of those new fields. That is a very legitimate concern
> and a very real potential risk. I guess in my view of the world, in
> practical terms, we're not likely to see an experimental protocol
> start getting widely deployed and then suddenly discover that we have
> a major security threat on our hands that we cannot easily fix before
> it brings the net to a complete halt. At least not since the
> publication of RFC 793. :-)

You must not remember how SunOS 4 responded when handed icmp echo requests with the record-route option set (passed the packet on for the next guy to enjoy and then promptly panicked).

A deny-all-permit-some firewall that passes through IP options which are not explicitly needed for the operation of some specific end-node would qualify for the "unclear on the concept" award.

---Rob
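The deny-all-permit-some rule from the reply above, applied to IPv4 options, as an added Python example that is not part of the original thread. The function names, the constructed sample headers, and the choices to treat End-of-List/No-Op as padding and to drop malformed option lists are assumptions of this sketch.

```python
import struct

EOOL, NOP, RECORD_ROUTE = 0, 1, 7  # IPv4 option type numbers

def build_header(options=b""):
    """Constructed sample: 192.0.2.1 -> 198.51.100.2, protocol 1 (ICMP), checksum 0."""
    options += b"\x00" * (-len(options) % 4)      # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + options

def ipv4_options(packet):
    """Return the option types in the header; ValueError if the header is malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = packet[0] & 0x0F
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad header length")
    opts, found, i = packet[20:ihl * 4], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOOL:                          # end of list, rest is padding
            break
        if kind == NOP:                           # single-byte alignment filler
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        found.append(kind)
        i += length
    return found

def verdict(packet, allowed_options=frozenset()):
    """Default deny: drop on any option not in allowed_options, or any parse error."""
    try:
        return "pass" if set(ipv4_options(packet)) <= set(allowed_options) else "drop"
    except ValueError:
        return "drop"

RR = bytes([RECORD_ROUTE, 7, 4, 0, 0, 0, 0])      # constructed: one empty route slot
BAD = bytes([RECORD_ROUTE, 40, 4, 0])             # constructed: length overruns header
```

With an empty allowlist, a header carrying record-route is dropped before it reaches any end node; it passes only when option 7 is explicitly permitted.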