Well, you can't authenticate it because RFC2402 defines the flow label as mutable end-to-end. I think this draft probably needs to address this discrepancy if it is going to define the flow label as immutable end-to-end.
Mat.

> -----Original Message-----
> From: Brian E Carpenter [mailto:[EMAIL PROTECTED]]
> Sent: 18 December 2001 16:43
> To: Michael Thomas
> Cc: Craig Dunk; 'James Kempf'; Margaret Wasserman;
> [EMAIL PROTECTED]
> Subject: Re: draft-rajahalme-ipv6-flow-label-00.txt
>
> I agree; I meant that even at the receiving end you can't
> authenticate it, let alone the intermediate hops.
>
> Brian
>
> Michael Thomas wrote:
> >
> > Brian E Carpenter writes:
> > > Yes, the flow label is explicitly excluded from AH. So it could be modified
> > > en route and you can't authenticate its value. Assuming we decide to use
> > > it as an end2end value, that could be viewed as a bug.
> >
> > That would be a pretty funny view. The only
> > way to make it immutable would be to share a
> > security association with each participating
> > router along the way. I don't think we want
> > to even vaguely contemplate going there.
> >
> > Mike
>
> --
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Brian E Carpenter
> Distinguished Engineer, Internet Standards & Technology, IBM
> On assignment at the IBM Zurich Laboratory, Switzerland
> Board Chairman, Internet Society http://www.isoc.org
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page: http://playground.sun.com/ipng
> FTP archive: ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
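Added example, not part of the original thread: a simplified Python sketch of the behaviour discussed above, in which the sender and receiver zero the IPv6 fields that RFC 2402 treats as mutable (Class, Flow Label, Hop Limit) before computing the AH integrity check value, so a rewritten flow label goes undetected while a changed source address does not. Assumptions: the key, addresses and payload are constructed sample values, HMAC-SHA-1-96 is picked for illustration, and the AH header and extension headers that a real ICV also covers are left out.

```python
import hashlib
import hmac
import ipaddress
import struct

def ipv6_header(tclass, flow_label, payload_len, next_hdr, hop_limit, src, dst):
    """Build the 40-byte IPv6 base header."""
    first_word = (6 << 28) | (tclass << 20) | flow_label
    return (struct.pack("!IHBB", first_word, payload_len, next_hdr, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def zero_mutable(hdr):
    """Zero Class, Flow Label and Hop Limit; keep the version nibble."""
    return bytes([hdr[0] & 0xF0, 0, 0, 0]) + hdr[4:7] + b"\x00" + hdr[8:]

def ah_style_icv(key, hdr, payload):
    """96-bit truncated HMAC-SHA-1 over the header with mutable fields zeroed."""
    data = zero_mutable(hdr) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

# Constructed sample values (hypothetical key, documentation-prefix addresses).
KEY = b"constructed-demo-key"
PAYLOAD = b"constructed payload"
SRC, DST = "2001:db8::1", "2001:db8::2"

def compare():
    """Return (flow label change detected?, source address change detected?)."""
    sent = ipv6_header(0, 0x12345, len(PAYLOAD), 51, 64, SRC, DST)
    # Flow label rewritten and hop limit decremented somewhere en route.
    relabeled = ipv6_header(0, 0xABCDE, len(PAYLOAD), 51, 63, SRC, DST)
    # Source address changed: an immutable field, covered by the ICV.
    readdressed = ipv6_header(0, 0x12345, len(PAYLOAD), 51, 64, "2001:db8::bad", DST)
    icv = ah_style_icv(KEY, sent, PAYLOAD)
    flow_detected = not hmac.compare_digest(icv, ah_style_icv(KEY, relabeled, PAYLOAD))
    addr_detected = not hmac.compare_digest(icv, ah_style_icv(KEY, readdressed, PAYLOAD))
    return flow_detected, addr_detected

if __name__ == "__main__":
    flow_detected, addr_detected = compare()
    print("flow label change detected:", flow_detected)
    print("source address change detected:", addr_detected)
```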
