On Fri, 28 Oct 2005, Iljitsch van Beijnum wrote:
- if it's done by adding an extension header to data packets, or- if it would be done by sending separate "shim control packets" (e.g., with TCP, UDP, or whatever, or even plain extension headers without any data), then my concern still applies.
....
No, I think we pretty much agree that the shim signalling would have to happen in separate packets. Unless I misremember we didn't even discuss this issue in the interim meeting.
...
[...] Since the fact that the shim signalling worked indicates that the shim header isn't filtered this should work without trouble.
The last sentence does not follow. Firewalls may accept just fine packets with a shim6 extension header but no data, but could (and I'd expect many WOULD) drop packets with shim6 ext header WITH data.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings