In your previous mail you wrote: Speaking as an IPv6 wg member, I am not comfortable with the flow label being unprotected. As an immutable field, it should be included in the ICV calculation.
=> this is the argument which has triggered the question. I have seen several projects started that intend on taking advantage of RFC 3697. => note the RFC 3697 explains why the protection of the flow label is not in fact useful. Can you give more details, for instance are flow labels used by the destination? My main question is how much of an impact would such a change have on the existing IPv6 implementations. => 100% incompatibility for IPv6/IPsec implementations which support AH and put a non-zero flow label in packets (i.e., all conformant implementations :-). Can anyone speak to their IPv6/IPSec implementations on this issue? => I strongly object to change the current choice (not protecting the flow label despite it is immutable) for two reasons: - a change will be incompatible with current implementations - the protection doesn't work on transit routers, i.e., where the flow label is used. Regards [EMAIL PROTECTED] PS: status quo is compatible with RFC 3697, or with other words, nobody asked when we discussed about the document which became the RFC 3697 for an IPsec protection of the field. -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
