On Feb 10, 2015, at 1:38 PM, Fernando Gont <fg...@si6networks.com> wrote:
> Not sure what the "(as opposed to an extension header)" means. Could you
> elaborate/clarify a bit?

What I'm proposing is that unknown codes can be assumed to be extension headers. Any known code may be either an extension header or a protocol header, but then it's a known code, so not a problem. But rereading the text, that parenthetical does seem unnecessary.

Anyway, it sounds like we now have some text to argue about that we might be able to agree on, so I will defer to you on tweaking it--I just wanted to give you a sense of what I had in mind. The main thing I want to avoid is a recommendation that the basic shield algorithm by default drop unknown extension and transport headers, but I agree that it's good to say what to do if the hardware can't support that fully.

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec