Shepherd writeup
draft-ietf-opsec-ipv6-eh-filtering

(not using the usual template as the first version of this document predates
the template)

=== 1. Summary ===

The document shepherd is Eric Vyncke.
The responsible Area Director is Warren Kumari.

The intended status is informational, which is the right one as the I-D does
not specify any protocol and only provides recommendations (nothing is
normative).

The shepherd (who was OPSEC WG chair at the beginning) has reviewed the
document since before its adoption, and has tracked the updates. The shepherd
believes this version is ready to forward to the IESG. There are a few nits
(see below).

This document recommends what filtering (if any) of extension headers should be
applied *on transit* routers (on purpose, nothing is said about nodes at the
edge of the network or about packets received by a node). It is based on the
data collected by RFC 7872 "Observations on the Dropping of Packets with IPv6
Extension Headers in the Real World": in a 2016 measurement, a lot of IPv6
packets with extension headers were dropped during their transit over the
Internet.

The document wants to prevent ossification of the Internet by recommending that
most extension headers be allowed, using a deny list approach (only a couple of
extension headers are recommended to be dropped; all others are recommended to
be allowed). Both security and operational considerations are analyzed. The
recommendations are not limited to extension headers but also cover the options
within those extension headers.

In short: it recommends dropping the hop-by-hop options header (or ignoring it,
as processing it can have a CPU impact), routing header type 0 (RFC 5095), and
the two experimental extension headers. All others should be allowed (including
the fragment header).
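To make the deny list concrete, here is an added example (written for this writeup, not code from the I-D or its authors) that walks an IPv6 packet's next-header chain and applies the policy summarised above: drop hop-by-hop, routing type 0 and the experimental headers 253/254, allow everything else including fragments. The next-header numbers come from the IANA protocol numbers registry; the sample packets are constructed inline with documentation-prefix addresses; the function names are this example's own.

```python
import struct

# Next-header values from the IANA "Protocol Numbers" registry.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
MOBILITY, HIP, SHIM6, EXP_253, EXP_254 = 135, 139, 140, 253, 254
EXTENSION_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS,
                     MOBILITY, HIP, SHIM6, EXP_253, EXP_254}
UDP = 17


def extension_headers(packet):
    """Walk the next-header chain after the fixed 40-byte IPv6 header.

    Returns a list of (next_header_value, raw_header_bytes), in order.
    Walking stops at the first upper-layer header, or at ESP, whose
    payload is opaque to a transit router.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    chain = []
    nh, offset = packet[6], 40
    while nh in EXTENSION_HEADERS:
        if nh == ESP:
            chain.append((nh, packet[offset:]))
            break
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header chain")
        if nh == FRAGMENT:
            length = 8                               # fixed-size header
        elif nh == AH:
            length = (packet[offset + 1] + 2) * 4    # 32-bit words, minus 2
        else:
            length = (packet[offset + 1] + 1) * 8    # 8-octet units, first 8 not counted
        if offset + length > len(packet):
            raise ValueError("truncated extension header chain")
        chain.append((nh, packet[offset:offset + length]))
        nh, offset = packet[offset], offset + length
    return chain


def transit_verdict(packet):
    """Deny-list policy from the writeup: drop HBH, RH0 and the two
    experimental headers; allow everything else (fragment header included)."""
    for nh, hdr in extension_headers(packet):
        if nh == HOP_BY_HOP:
            return "drop", "hop-by-hop options header"
        if nh == ROUTING and hdr[2] == 0:            # routing type is the 3rd octet
            return "drop", "routing header type 0 (RFC 5095)"
        if nh in (EXP_253, EXP_254):
            return "drop", f"experimental extension header {nh}"
    return "allow", None


# --- constructed sample packets (2001:db8::/32 documentation prefix) ---
SRC = bytes.fromhex("20010db8000000000000000000000001")
DST = bytes.fromhex("20010db8000000000000000000000002")
UDP_HDR = struct.pack("!HHHH", 12345, 53, 8, 0)      # empty UDP datagram, checksum left 0


def ipv6(next_header, payload):
    """Fixed IPv6 header: version 6, payload length, next header, hop limit 64."""
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + SRC + DST + payload


def options_header(next_header):
    """8-octet options-style header (HBH, dest opts, experimental) holding one PadN."""
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])


def routing_header(next_header, routing_type):
    """24-octet routing header with one address: hdr ext len 2, segments left 1."""
    return bytes([next_header, 2, routing_type, 1, 0, 0, 0, 0]) + DST


def fragment_header(next_header):
    """8-octet fragment header: offset 0, more-fragments set, identification 0x1234."""
    return bytes([next_header, 0]) + struct.pack("!HI", 0x0001, 0x1234)


SAMPLES = {
    "frag+dstopts": ipv6(FRAGMENT, fragment_header(DEST_OPTS) + options_header(UDP) + UDP_HDR),
    "hbh":          ipv6(HOP_BY_HOP, options_header(UDP) + UDP_HDR),
    "rh0":          ipv6(DEST_OPTS, options_header(ROUTING) + routing_header(UDP, 0) + UDP_HDR),
    "rh2":          ipv6(ROUTING, routing_header(UDP, 2) + UDP_HDR),
    "exp253":       ipv6(EXP_253, options_header(UDP) + UDP_HDR),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13s} -> {transit_verdict(pkt)}")
```

The walk has to parse the whole chain rather than look only at the first next-header value, because a deny-listed header can sit behind an allowed one (the "rh0" sample hides RH0 behind a destination options header). Only routing type 0 is dropped; type 2 (Mobile IPv6) and the other routing types pass, which is the point of a deny list over an allow list.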

=== 2. Review and Consensus ===

At the beginning, there was a controversy about filtering in the Internet. The
authors made the right decisions to limit the purpose of the document to
transit routers and to use a deny list approach (in order to prevent
ossification). The I-D was also updated upon the publication of RFC 8200 (IPv6
standard).

The OPSEC WG *rough* consensus is that it is a useful document (albeit
informational only) and the approach is the right one.

Note: there were three WG Last Calls on this I-D: 2021-02-10, 2018-05-29,
2017-09-29. See also Warren Kumari's email summarizing the situation/comments:
https://mailarchive.ietf.org/arch/msg/opsec/8GEvdJCFrK_UVMmMK3NbgTTmMI8/

=== 3. Intellectual Property ===

The document shepherd asked the authors specifically on October 25 2018 and
again on February 12 2021: both of them replied that they are unaware of any
IPR. The same request was sent to opsec@ietf.org; there was no reply. Will Liu:
https://mailarchive.ietf.org/arch/msg/opsec/WpsUJl2SabNASDV5cuOlG0e-oKE/
Fernando Gont:
https://mailarchive.ietf.org/arch/msg/opsec/TR5b_dwiPLka10bkpiKkUKfGYNw/

=== 4. Other Points ===

The current revision -09 has some nits (unused references); the shepherd has
requested the authors to fix those before the IETF Last Call. The shepherd also
thinks that some normative references (such as RPL) should rather be
informative.

There is no IANA section.