We can note the discrepancy, but I doubt if we can change IPSEC at this point in time.
Brian

[EMAIL PROTECTED] wrote:
>
> Well, you can't authenticate it because RFC2402 defines the flow label as
> mutable end-to-end. I think this draft probably needs to address this
> discrepancy if it is going to define the flow label as immutable end-to-end.
>
> Mat.
>
> > -----Original Message-----
> > From: Brian E Carpenter [mailto:[EMAIL PROTECTED]]
> > Sent: 18 December 2001 16:43
> > To: Michael Thomas
> > Cc: Craig Dunk; 'James Kempf'; Margaret Wasserman;
> > [EMAIL PROTECTED]
> > Subject: Re: draft-rajahalme-ipv6-flow-label-00.txt
> >
> >
> > I agree; I meant that even at the receiving end you can't
> > authenticate it, let alone the intermediate hops.
> >
> > Brian
> >
> > Michael Thomas wrote:
> > >
> > > Brian E Carpenter writes:
> > > > Yes, the flow label is explicitly excluded from AH. So it could be modified
> > > > en route and you can't authenticate its value. Assuming we decide to use
> > > > it as an end2end value, that could be viewed as a bug.
> > >
> > > That would be a pretty funny view. The only
> > > way to make it immutable would be to share a
> > > security association with each participating
> > > router along the way. I don't think we want
> > > to even vaguely contemplate going there.
> > >
> > > Mike

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
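Added example, not part of the original thread or of any IPsec implementation: a simplified sketch of how RFC 2402 zeroes the mutable IPv6 base-header fields (Class, Flow Label, Hop Limit) before computing the AH integrity check value, so a flow label rewritten in transit goes undetected at the receiver. Assumptions: the function names, key, addresses and payload are constructed; only the base header and payload are hashed (the AH header's own fields and extension headers are omitted); HMAC-SHA-1-96 is used as the algorithm; `keep_flow_label` is a hypothetical variant that is not in RFC 2402.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"              # constructed SA key, not a real secret
PAYLOAD = b"constructed upper-layer data"  # constructed sample payload


def build_ipv6_header(flow_label, hop_limit=64, traffic_class=0,
                      src="2001:db8::1", dst="2001:db8::2"):
    """Pack a 40-byte IPv6 base header (documentation-prefix addresses)."""
    word0 = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    fixed = struct.pack("!IHBB", word0, len(PAYLOAD), 51, hop_limit)
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def zero_mutable_fields(header, keep_flow_label=False):
    """Zero Class, Flow Label and Hop Limit as RFC 2402 does for the ICV.

    keep_flow_label=True is a hypothetical variant (not in RFC 2402) that
    treats the flow label as immutable, to show what would change.
    """
    if keep_flow_label:
        word0 = bytes([header[0] & 0xF0, header[1] & 0x0F]) + header[2:4]
    else:
        word0 = bytes([header[0] & 0xF0, 0, 0, 0])
    return word0 + header[4:7] + b"\x00" + header[8:]


def ah_icv(header, keep_flow_label=False):
    """96-bit truncated HMAC-SHA-1 over the zeroed header and payload."""
    data = zero_mutable_fields(header, keep_flow_label) + PAYLOAD
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]


def flow_label_change_detected(keep_flow_label=False):
    """True if rewriting the flow label in transit changes the ICV."""
    sent = build_ipv6_header(flow_label=0x12345)
    received = build_ipv6_header(flow_label=0xABCDE, hop_limit=60)
    return ah_icv(sent, keep_flow_label) != ah_icv(received, keep_flow_label)


if __name__ == "__main__":
    print("RFC 2402 rules, change detected:", flow_label_change_detected())
    print("Flow label kept, change detected:", flow_label_change_detected(True))
```

Under the RFC 2402 rules the two ICVs match even though the flow label and hop limit differ; with the hypothetical variant the ICV covers the flow label, so any router that rewrote it would cause verification to fail at the receiver.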
