Changed subject to better reflect content.
Today I wrote:
>> Why does a receiving host care about the flow label at all? It
>> exists to make sure that all intermediate nodes give correct
>> treatment to the flow, but once it reaches its destination it's
>> "safe", right?
On 08/03/10 23:49, Shane Amante wrote:
> It depends on your worldview. I think Brian Carpenter (?) may have
> said it best in a private e-mail -- let me paraphrase (and, Brian,
> please correct me if I'm wrong). The flow-label can belong either to the
> network -or- to the host(s): pick one[1].
{snip}
> OTOH, if you believe the flow-label belongs to hosts and you
> potentially want to enable applications like
> draft-blake-ipv6-flow-label-nonce-02, which could prevent off-path
> attacks, then you (likely) can't have routers messing around with the
> flow-label. Routers may read a flow-label, but they can't attempt to
> change it.
Hmm ... OK, that makes sense. I don't believe in it tho.
"0 FL mutable" would work reasonably well with both world views,
as there's one chance in a million that rnd() would yield zero.
One connection in a million would fail, and cause a retry?
--
Aleksi Suhonen
Department of Communications Engineering
Tampere University of Technology