Shepherd writeup
draft-ietf-opsec-ipv6-eh-filtering-06

=== 1. Summary ===

The document shepherd is Eric Vyncke. The responsible Area Director is Warren Kumari.

This document recommends what filtering (if any) of extension headers should be applied on *on transit* routers (on purpose nothing is said about nodes at the edge of the network or about packets received by a node). It is based on the data collected by RFC 7872 ""Observations on the Dropping of Packets with IPv6 Extension Headers in the Real World": a lot of IPv6 packets with extension headers are dropped during their transit over the Internet.

The document wants to prevent ossification of the Internet by recommending to allow most of the extension headers by using a black list approach (only a couple of extension headers are recommended to be dropped, all others are recommended to be allowed). Both security and operational considerations are analysed. The recommendation are not limited to extension headers but also to the options within those extension headers.

In short: it recommends dropping hop-by-hop (or ignoring as it can have a CPU impact), routing header type 0 (RFC 5095), and the two experimental extension headers. Specificallt, fragment header is allowed.
 
=== 2. Review and Consensus ===

At the beginning, there was a controversy about filtering in the Internet. The authors took the right decisions to limit the purpose of the document to transit routers as well as using a black list approach (in order to prevent the ossification).

The OPSEC WG consensus is that it is a useful document (albeit informational only) and the current approach is the right one. 

=== 3. Intellectual Property ===

The document shepherd has asked specifically to the authors on October 25 2018: both of them replied that they are unaware of any IPR. Same request was sent to opsec@ietf.org, no reply.

=== 4. Other Points ===

None.
Back