I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Significant nits: This document provides recommendations that do include security considerations; but it is missing privacy considerations. While there may be no (or little impact), there should at least be some mention of privacy considerations in Section 6 (or create a new section). The document also references two drafts that are expired. General: it would be useful to reference the “EH Types” (RFC7045?) so that it is clearly distinct from the general “Option types” defined in RFC8200 (and also include the RFC8200 as reference on the first occurrence of “option types”) Section 2.1: the Terminology needs to be updated to comply with the latest BCP14 and RFC8174 Section 2.3: given the expressed terminology, I believe the “is *not*” is better stated as “SHOULD NOT” to be consistent with IETF guidelines in RFC8174. Section 2.3: this section not about “Conventions” but is really more about “Assumptions” with some recommendations already sprinkled, so the section should fall more in the “General Discussion” section Section 3.1: Not sure this is correct: “[RFC7045] identifies which of the currently assigned Internet Protocol numbers identify IPv6 EHs vs. upper-layer protocols. ” Reading RFC7045: it seems to be focused on how to process the extensions appropriately not sure it really does the identification of protocol layering or distinction? Simple Editorial nits: Section 2.3: redundant reference. Suggest to update from: “in [RFC7045]. Namely (from [RFC7045]),” to: “namely from [RFC7045]:” Section 3.1: the following sentence or perhaps the last clause (“they contain”) is not needed: “ This document discusses the filtering of packets based on the IPv6 EHs (as specified by [RFC7045]) they contain.”