Deprecation of Type 0 Routing Headers in IPv6
RFC 5095

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'Deprecation of Type 0 Routing Headers 
         in IPv6' to Proposed Standard 

The IESG has approved the following document:

- 'Deprecation of Type 0 Routing Headers in IPv6 '
   <draft-ietf-ipv6-deprecate-rh0-02.txt> as a Proposed Standard

This document is the product of the IP Version 6 Working Group. 

The IESG contact persons are Jari Arkko and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipv6-deprecate-rh0-02.txt

Technical Summary
 
  The functionality provided by IPv6's Type 0 Routing Header can be
  exploited in order to achieve traffic amplification over a remote
  path for the purposes of generating denial-of-service traffic.  This
  document updates the IPv6 specification to deprecate the use of IPv6
  Type 0 Routing Headers, in light of this security concern.
 
Working Group Summary
 
  This document is a product of the IPv6 WG. Considerable
  discussion of the impacts of the Type 0 processing
  has happened over the course of the last few months.
  The document, as it currently stands, has the backing
  of the (rough) consensus of the group. However, the
  topic has generated a lot heated discussion, and this
  action is not unanimously supported by everyone in the
  group. Counter arguments against deprecation have
  raised potential (but so far unused) applications,
  difficulty of introducing new similar functionality
  once the feature has been disabled, ability to
  deal with this issue in an operational manner,
  the difference to the IPv4 situation (where source
  routing is still a part of the specifications), etc.

  The authors, chairs, and the AD believe, however, that
  the current contents of the document have the backing
  of the majority of the group, and that the recommendation
  is a valid one. In particular, new RH types can and
  have been defined for more specialized uses safely,
  and it would be hard to depend on RH0 in new applications,
  given that it has legitimate security issues and
  that irrespective of IETF's documents, this feature
  is largely disabled in many IPv6 implementations.
 
Protocol Quality
 
  Jari Arkko has reviewed this document for the IESG. Several
  implementations of IPv6 have for a long time not allowed
  Type 0 Routing Header processing by default; recently
  a number of implementations (BSD, for instance) have
  disabled it in accordance with this document's
  recommendations.

  Call for input also in NANOG list was made.

Note to RFC Editor
 
  Please change:

  OLD:
  IPv6 nodes MUST NOT process RH0 in packets whose
  destination address in the IPv6 header is an address assigned to them.
  Such packets...
  NEW:
  An IPv6 node that receives a packet with a 
  destination address assigned to it and containing an RH0 extension
  header MUST NOT execute the algorithm specified in the latter part
  of Section 4.4 of [RFC2460] for RH0. Instead such packets...

  OLD:
  type-2 RH
  NEW:
  type 2 Routing Header