
Re: Is Fragmentation at IP layer even needed ?

2016-02-10 01:05:45
Hi, Masataka,

On 02/10/2016 03:05 AM, Masataka Ohta wrote:
> Joe Touch wrote:
>
>> Reason #1: IP reassembly is already deployed.
>
> The reality is that wise operators denied deployment of
> stupid idea of extension headers including that for IP
> reassembly.
>
>>      - now you want that info even further obscured by another
>>      layer of encapsulation
>
> Wrong. The worst kind of obscurity is a transport header at
> the end of a chain of 1000 or more IPv6 extension headers.
>
> Note that the transport header may not be placed in the
> first fragment.
>
> As following a long chain means vulnerability to DOS, there
> should be some upper bound on the chain length and the most
> reasonable value for the upper bound is 0, because all the
> extension headers are useless.

RFC7112 imposes some basic constraints: the entire EH chain must be
present in the first fragment.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont(_at_)si6networks(_dot_)com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
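
The following is an added example, not part of the original message or of any poster's code: a minimal check of the RFC 7112 rule cited above (the whole header chain, through the upper-layer header, must be in the first fragment), combined with a bound on chain length of the kind the quoted text argues for. The `max_eh` default, the verdict strings and the sample packets are assumptions made for illustration.

```python
import struct

# Headers with the generic layout: Next Header, Hdr Ext Len (8-octet units, minus 1).
GENERIC_EH = {0, 43, 60, 135, 139, 140}  # HBH, Routing, DestOpts, Mobility, HIP, Shim6
FRAGMENT, AH, NO_NEXT = 44, 51, 59
MIN_UPPER = {6: 20, 17: 8, 50: 8, 58: 4}  # minimum TCP, UDP, ESP, ICMPv6 header bytes

def check_header_chain(pkt: bytes, max_eh: int = 8) -> str:
    """Classify one IPv6 packet against the RFC 7112 first-fragment rule.
    max_eh is a local policy bound (an assumption here, not an RFC 7112 value)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "not-ipv6"
    nxt, off, seen, is_frag = pkt[6], 40, 0, False
    while nxt in GENERIC_EH or nxt in (FRAGMENT, AH):
        seen += 1
        if seen > max_eh:
            return "chain-too-long"
        if off + 8 > len(pkt):
            return "incomplete-chain"
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "non-first-fragment"  # the rule covers first fragments only
            is_frag, size = True, 8
        elif nxt == AH:
            size = (pkt[off + 1] + 2) * 4   # AH length is in 4-octet units, minus 2
        else:
            size = (pkt[off + 1] + 1) * 8
        if off + size > len(pkt):
            return "incomplete-chain"
        nxt, off = pkt[off], off + size
    if nxt != NO_NEXT and len(pkt) - off < MIN_UPPER.get(nxt, 1):
        return "incomplete-chain"           # upper-layer header not in this packet
    return "ok-first-fragment" if is_frag else "ok-unfragmented"

# Constructed sample packets (zeroed addresses, made-up fragment id).
def ipv6(nh: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), nh, 64) + bytes(32) + payload
def frag(nh: int, offset: int = 0, more: int = 1) -> bytes:
    return struct.pack("!BBHI", nh, 0, (offset << 3) | more, 0x1234)
DESTOPT_TCP = bytes([6, 0, 1, 4, 0, 0, 0, 0])   # DestOpts, PadN, next = TCP
SAMPLES = {
    "udp in first fragment": ipv6(44, frag(17) + bytes(8) + b"data"),
    "tcp pushed to 2nd fragment": ipv6(44, frag(60) + DESTOPT_TCP),
    "later fragment": ipv6(44, frag(17, offset=185) + b"data"),
    "ten chained DestOpts": ipv6(60, bytes([60, 0, 1, 4, 0, 0, 0, 0]) * 10),
}
if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:28} {check_header_chain(pkt)}")
```

A filter that drops `incomplete-chain` first fragments never has to reassemble a packet or guess at a missing transport header before applying port-based policy.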