Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: The IESG <firstname.lastname@example.org>, Éric Vyncke <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
Subject: Document Action: 'Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers' to Informational RFC (draft-ietf-opsec-ipv6-eh-filtering-06.txt)

The IESG has approved the following document:
- 'Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers'
  (draft-ietf-opsec-ipv6-eh-filtering-06.txt) as Informational RFC

This document is the product of the Operational Security Capabilities for IP Network Infrastructure Working Group.

The IESG contact persons are Warren Kumari and Ignas Bagdonas.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsec-ipv6-eh-filtering/
Technical Summary

This document analyzes both the general security implications of IPv6 Extension Headers and the specific security implications of each Extension Header and Option type. Additionally, it discusses the operational and interoperability implications of discarding packets based on the IPv6 Extension Headers and IPv6 options they contain. Finally, it provides advice on the filtering of such IPv6 packets at transit routers for traffic *not* directed to them, for those cases in which such filtering is deemed as necessary.

Working Group Summary

At the beginning, there was a controversy about filtering in the Internet. The authors took the right decisions to limit the purpose of the document to transit routers as well as using a black list approach (in order to prevent the ossification). The OPSEC WG consensus is that it is a useful document (albeit informational only) and the current approach is the right one. The WGLC was sent to OpSec, 6MAN and V6OPS to get better coverage: <https://mailarchive.ietf.org/arch/msg/v6ops/MvzKKTYCDtWVtlIGxb6OfQlUats>

Document Quality

The document is clear and easy to read. There are some minor nits / typos, but (unusually) I decided it wasn't worth asking for a respin for these.

Personnel

The document shepherd is Eric Vyncke. Warren Kumari is RAD!