Hi, Steven, > FWIW, covering the FL in a header/transport checksum would not guarantee > immutability, since a firewall could always re-calculate either of these. > > There are already a variety of covert channels available (e.g., packet > size, packet timing, DSCP, hop count), so I wouldn't lose sleep about the > FL adding an additional one.
Eliminating all cover channels is virtually impossible. However, of the ones you mentioned, the Flow Label is the one that is more reliable and that provides more bandwidth. Thanks, -- Fernando Gont e-mail: [email protected] || [email protected] PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
