In message <[EMAIL PROTECTED]>, Gerard.Gastaud@alc
atel.fr writes:
>
>
>
>and the user may refuse to pay because it idid not ask for the flow label
that the malicious entity overwrote
An enemy who is overwriting flow labels could generate fake packets
with arbitrary flow labels. It's strictly easier -- instead of
deleting and reinserting packets, you just generate them, with any
fields you want.
If the routers can't cryptographically verify every flow labeled-packet
-- and they can't do that in any rational fashion, I suspect -- then
the only other choice is border control. Your border routers --
including the peering routers, if necessary -- have to check that
incoming packets are, in some sense, "legal". In particular, if you're
going to charge someone extra for such services, you have to ensure
that the right party sent the packets. (This creates an interesting
problem at peering links -- what do you do with packets that have a
legal flow label for the peer, but not for you?)
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
