[ipv6hackers] Fwd: RFC 9288 on Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers
Fernando Gont
fgont at si6networks.com
Fri Aug 19 00:00:03 -03 2022
Hi,
FYI. RFC 9288, "Recommendations on the Filtering of IPv6 Packets
Containing IPv6 Extension Headers at Transit Routers" (available at:
https://www.rfc-editor.org/rfc/rfc9288)
FWIW, IMO most of the value is in the analysis of what
protocols/features use what EHs, and what would break (if anything) if
packets with EHs are dropped.
These other two are useful for context:
* RFC 9098, "Operational Implications of IPv6 Packets with Extension
Headers" (https://www.rfc-editor.org/rfc/rfc9098.html)
* RFC 7872, "Observations on the Dropping of Packets with IPv6 Extension
Headers in the Real World (https://www.rfc-editor.org/rfc/rfc7872.html).
Thanks!
Cheers,
Fernando
-------- Forwarded Message --------
Subject: RFC 9288 on Recommendations on the Filtering of IPv6 Packets
Containing IPv6 Extension Headers at Transit Routers
Date: Thu, 18 Aug 2022 16:21:47 -0700 (PDT)
From: rfc-editor at rfc-editor.org
To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org
CC: rfc-editor at rfc-editor.org, drafts-update-ref at iana.org, opsec at ietf.org
A new Request for Comments is now available in online RFC libraries.
RFC 9288
Title: Recommendations on the Filtering of IPv6
Packets Containing IPv6 Extension Headers at Transit Routers Author:
F. Gont,
W. Liu
Status: Informational
Stream: IETF
Date: August 2022
Mailbox: fgont at si6networks.com,
liushucheng at huawei.com
Pages: 33
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-ietf-opsec-ipv6-eh-filtering-10.txt
URL: https://www.rfc-editor.org/info/rfc9288
DOI: 10.17487/RFC9288
This document analyzes the security implications of IPv6 Extension
Headers and associated IPv6 options. Additionally, it discusses the
operational and interoperability implications of discarding packets
based on the IPv6 Extension Headers and IPv6 options they contain.
Finally, it provides advice on the filtering of such IPv6 packets at
transit routers for traffic not directed to them, for those cases
where such filtering is deemed as necessary.
This document is a product of the Operational Security Capabilities for
IP Network Infrastructure Working Group of the IETF.
INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
_______________________________________________
IETF-Announce mailing list
IETF-Announce at ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce
More information about the Ipv6hackers
mailing list