[EMAIL PROTECTED] wrote:
>
> Mike,
>
> I believe you misunderstood what I meant. To rephrase: The currently defined
> RFC 2460 App.A semantics allows the IPv6 flow label field to be used for
> intserv MF-classification, instead of any of the transport headers. In this
> case the multi-field (MF) classifier would look only at the IP addresses and
> the flow label. Intserv does not need to care about any of the headers above
> the IP header, if the flow label is used and signaled end-to-end. With the
> current flow label definition there are no additional privacy implications
> raised by the use of the flow label in intserv signaling and classification.

Indeed. IntServ makes elegant use of the flow label.

> Brian has repeatedly mentioned that intserv would have a problem with ESP.
> With reference to RFC 2207 this is clearly not true (uses SPI instead of the
> ports).

Thanks. I was thinking of classical IntServ. Do people believe that 2207 is
widely implemented?

> Additionally, using the IPv6 Flow Label to label the flows for
> intserv allows the intserv signaling implementation to be independent of the
> IPsec policy in place (e.g. signaling would be the same regardless of the IPsec
> policy, don't need to refresh the intserv state when re-keying, etc.).

Assuming the source doesn't decide to refresh the flow label at the
same time as re-keying. But since it is soft state, this wouldn't matter
too much.

Brian

>
> Jarno
>
> Michael Thomas wrote:
> >
> > [EMAIL PROTECTED] writes:
> > > Just some comments for clarifying some stuff that keeps coming up
> > > repeatedly:
> > >
> > > Brian E Carpenter wrote:
> > > >
> > > > This is a very unfair comment. Diffserv is just fine in the
> > > > case of unencrypted traffic. It has a problem (and so does
> > > > intserv I suspect) with tunnel or transport mode ESP.
> > > >
> > >
> > > IPv4 intserv shares the same difficulty of doing MF-classification with ESP.
> > > However, in IPv6 the flow label can be used in MF-classification for intserv
> > > semantics, even when ESP is used.
> >
> > This is incorrect. RFC 2207 defines a way to classify
> > ESP traffic for intserv *and* it doesn't compromise
> > privacy. What's being floated here for diffserv requires
> > that I compromise privacy in order to work, which I
> > think is bogus.
> >
> > Mike
> >
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page: http://playground.sun.com/ipng
> FTP archive: ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Brian E Carpenter
Distinguished Engineer, Internet Standards & Technology, IBM
On assignment for IBM at http://www.iCAIR.org
Board Chairman, Internet Society http://www.isoc.org
"We shall need a number of efficient librarian types
to keep us in order." - Alan Turing, 1947.
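
The three classifier keys discussed in this thread, as an added example that is not part of the original messages: ports (classical intserv), SPI in place of ports (the RFC 2207 approach as described above), and addresses plus flow label. It assumes ESP directly follows the fixed IPv6 header with no extension headers in between; the key layouts, function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

ESP, TCP, UDP = 50, 6, 17  # IANA protocol numbers

def parse_ipv6(pkt: bytes) -> dict:
    """Parse the 40-byte fixed IPv6 header and the first 4 bytes after it."""
    if len(pkt) < 44 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet with at least 4 payload bytes")
    word0, _plen, nxt, _hlim = struct.unpack("!IHBB", pkt[:8])
    return {
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
        "flow_label": word0 & 0xFFFFF,   # low 20 bits of the first word
        "next_header": nxt,
        "first4": pkt[40:44],            # ESP: SPI; TCP/UDP: src+dst port
    }

def key_ports(h):
    """Classical intserv 5-tuple; ports are unreadable under ESP."""
    if h["next_header"] not in (TCP, UDP):
        return None
    sport, dport = struct.unpack("!HH", h["first4"])
    return (h["src"], h["dst"], h["next_header"], sport, dport)

def key_spi(h):
    """SPI takes the place of the ports for ESP traffic (assumed key layout)."""
    if h["next_header"] != ESP:
        return None
    return (h["src"], h["dst"], ESP, struct.unpack("!I", h["first4"])[0])

def key_flow_label(h):
    """Addresses plus flow label; nothing above the IP header is read."""
    return (h["src"], h["dst"], h["flow_label"])

def build(flow_label, nxt, first4):
    """Constructed sample packet (documentation addresses, zeroed payload)."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    word0 = (6 << 28) | flow_label
    return struct.pack("!IHBB", word0, 12, nxt, 64) + src + dst + first4 + bytes(8)

# Same flow before and after an ESP re-key: the SPI changes, the label does not.
before = parse_ipv6(build(0x12345, ESP, struct.pack("!I", 0x1000)))
after = parse_ipv6(build(0x12345, ESP, struct.pack("!I", 0x2000)))
```

Comparing the keys for `before` and `after` shows the SPI-based key changing across the re-key while the flow-label key stays the same, which is the state-refresh point raised in the thread.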