I agree; I meant that even at the receiving end you can't authenticate it, let alone the intermediate hops.
Brian Michael Thomas wrote: > > Brian E Carpenter writes: > > Yes, the flow label is explicitly excluded from AH. So it could be modified > > en route and you can't authenticate its value. Assuming we decide to use > > it as an end2end value, that could be viewed as a bug. > > That would be a pretty funny view. The only > way to make it immutable would be to share a > security association with each participating > router along the way. I don't think we want > to even vaguely contemplate going there. > > Mike -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Brian E Carpenter Distinguished Engineer, Internet Standards & Technology, IBM On assignment at the IBM Zurich Laboratory, Switzerland Board Chairman, Internet Society http://www.isoc.org -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
