On 2010-09-10 05:51, Mikael Abrahamsson wrote:
> On Thu, 9 Sep 2010, Fernando Gont wrote:
>
>> Mikael Abrahamsson wrote:
>>
>>> Last I checked, the standards said that if precedence/dscp changed, the
>>> host should reset the session (correct me if I'm wrong, I don't really
>>> have time to check it right now).
>>
>> You're right. And it doesn't make sense. See Section 11.1.4 of
>> http://www.gont.com.ar/papers/tn-03-09-security-assessment-TCP.pdf
>
> Yes, it doesn't make sense, and luckily nobody (as far as I've been able
> to discern) actually follows this part. So even though it might still be
> in the standard, it's not a real-world problem.

I suspect it was intended to prevent "misuse" of high IP Precedence during TCP SYN/ACK exchanges, or something like that. But it really does make no sense.

> So whatever happens, please make the flow label something that can be
> changed without any adverse reaction from the end system.

I agree, and that's behind my suggestion earlier in this thread that "downstream nodes MUST NOT rely on the value being unchanged".

Brian
