________________________________
From: Alex Conta [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 31, 2008 12:50 PM
To: 'Rahim Choudhary'; Templin, Fred L; 'Fred Baker'
Cc: [email protected]
Subject: RE: Checksum in IPv6 header
There were additional secondary considerations. The IPv6 headers
were carefully crafter and compartmented, in terms of functionality. The
main header was carefully crafted not only to carry the very essential
information for delivering the packet to the next hop, but also in terms
of its size, and alignment of its fields. The alignment was a criterion
for faster processing - for instance, the IPv6 addresses, have 8 byte
alignment. Furthermore, the entire main header yields 8 byte alignment
to the next header.
Header integrity, which you refer to, seems to me of going
beyond just uncovering some hardware or software errors between the
transmitting and receiving of the IP header, which is the (only) object
of the IPv4 checksum. In that regard, as its function is really one IP
hop, it still stands that an IPv6 checksum, if it existed, it would have
only duplicated the functions of the L2 checksum as far as the header is
concerned even in cases when the IP one hop corresponds to multiple L2
hops, Integrity, in terms of security, was considered part of the
functionality and job which was assigned to the IPsec headers.
I'm seeing a lot of good reason why the header checksum was dropped in
IPv6, but I'm not seeing the one perfectly valid reason why it would
have been good to retain it. I thought this was discussed on here very
recently.
The reason is IPsec tunnels, where encrypted packets are tunneled
through a non-secure IPv6 link. In such cases, you can't count on L2
checksums when going across the tunnel boundaries. Or did I miss part of
that recent thread?
Bert
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
