>
> In your previous mail you wrote:
>
>    I had a preliminary idea and was going to write something
>    about it. Basically the sender can generate the flow label
>    based on a hash of the source and destination port numbers.
>
> => this kind of thing was already proposed... The main
> objection is this reveals too much of the higher layer
> and can conflict with the purpose of ESP (when ESP is used),
> i.e. this can become a security threat.
>
=> It would be good if you could point out a link perhaps
to help me understand the reasons. If breaking the key is a concern
you can do things to fix that (e.g. like adding x below).

>    If we want to make it
>    more sophisticated then we can add another number
>    to the hash input (e.g P1 || P2 || x).
>    Where x can be something specific to this flow.
>
> => so why not just x (:-)...

=> Well because not all applications have that luxury of
knowing an 'x' beforehand. Also you would have to define
for each application what 'x' means. Or define some
behaviour in the IPv6 stack based on some shared secret,
which again is not always available.

Cheers,
Hesham

>
> Regards
>
> [EMAIL PROTECTED]
>
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
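An added example, not part of the original thread: a sketch of the flow label construction discussed above, H(P1 || P2 || x) cut down to the 20-bit flow label field, showing what the label lets anyone who knows the scheme recompute when x is absent. SHA-256, the low-20-bit truncation, the 2-byte big-endian port encoding, the function names and the sample ports and x value are all assumptions of this example.

```python
import hashlib

FLOW_LABEL_BITS = 20  # width of the IPv6 flow label field
MASK = (1 << FLOW_LABEL_BITS) - 1


def flow_label(p1: int, p2: int, x: bytes = b"") -> int:
    """Flow label = low 20 bits of H(P1 || P2 || x).

    SHA-256 and the truncation are assumptions of this example;
    the thread does not name a hash function.
    """
    for port in (p1, p2):
        if not 0 <= port <= 0xFFFF:
            raise ValueError("port out of range")
    data = p1.to_bytes(2, "big") + p2.to_bytes(2, "big") + x
    return int.from_bytes(hashlib.sha256(data).digest(), "big") & MASK


def candidate_dst_ports(label: int, dst_ports, x: bytes = b"") -> list:
    """Destination ports for which at least one source port reproduces
    the observed label. Models what anyone who knows the scheme (and x,
    if any) can recompute from the label alone."""
    hits = []
    for dst in dst_ports:
        if any(flow_label(src, dst, x) == label for src in range(0x10000)):
            hits.append(dst)
    return hits


if __name__ == "__main__":
    # Constructed sample flow: source port 51514, destination port 443.
    src, dst = 51514, 443
    guesses = [22, 25, 80, 443]

    # Without x the label is a public function of the ports, so the real
    # destination port is always among the consistent guesses.
    plain = flow_label(src, dst)
    print(f"unkeyed {plain:#07x}: {candidate_dst_ports(plain, guesses)}")

    # With an x the observer lacks, recomputing without it gives only
    # chance collisions (20-bit label), not a confirmation of the port.
    keyed = flow_label(src, dst, b"constructed-per-flow-value")
    print(f"keyed   {keyed:#07x}: {candidate_dst_ports(keyed, guesses)}")
```

Because the label is only 20 bits, a wrong guess can still match by collision; the unkeyed case differs in that the true port pair always matches.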
