Hi, Bob,

On 21/01/2011 02:20 p.m., Bob Hinden wrote:
>>>> 1.  It is RECOMMENDED that source hosts support the flow label
>>>>     by setting the flow label field for all packets of a flow to
>>>>     the same pseudo-random value.
>>>
>>> I do not see a reason to require this.
>> Probably that could/should be rephrased as:
>>
>> 1. It is RECOMMENDED that source hosts support the flow label by
>>    setting the flow label field for all packets of a flow to the
>>    same value. Such value should not be easily predictable by an
>>    off-path attacker.
>
> We could also add to this something like: One way to achieve this is with a
> pseudo-random value.

+1 -- Although if the flowlabels are expected to be unique for each flow
(as they currently are), then random numbers have a chance for
collisions, and the approach proposed in draft-gont-flowlabel-security
is better.

Thanks!

Best regards,
-- 
Fernando Gont
e-mail: [email protected] || [email protected]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
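The collision concern raised in the message above, as an added example that is not part of the original e-mail and is not the algorithm from draft-gont-flowlabel-security: it computes the birthday-collision probability for uniformly random 20-bit flow labels and contrasts it with a hypothetical allocator that adds a per-address-pair counter to a secret keyed-hash offset. The names `birthday_collision_probability`, `HashedCounterAllocator` and `next_label`, and the HMAC-SHA-256 construction, are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

FLOW_LABEL_BITS = 20                 # width of the IPv6 Flow Label field
SPACE = 1 << FLOW_LABEL_BITS         # 1,048,576 possible values


def birthday_collision_probability(n_flows, space=SPACE):
    """Probability that n independent uniform labels are not all distinct."""
    if n_flows > space:
        return 1.0
    log_all_distinct = sum(math.log1p(-i / space) for i in range(n_flows))
    return 1.0 - math.exp(log_all_distinct)


class HashedCounterAllocator:
    """Hypothetical allocator: secret keyed-hash offset per address pair + counter.

    Labels for one (src, dst) pair do not repeat until SPACE - 1 have been
    issued; the offset is unknown to anyone without the key.
    """

    def __init__(self, key=None):
        self.key = key if key is not None else secrets.token_bytes(32)
        self.counters = {}

    def next_label(self, src, dst):
        mac = hmac.new(self.key, f"{src}|{dst}".encode(), hashlib.sha256)
        offset = int.from_bytes(mac.digest()[:4], "big")
        count = self.counters.get((src, dst), 0)
        self.counters[(src, dst)] = count + 1
        # Map into 1..SPACE-1: a zero flow label means "unlabelled".
        return 1 + (offset + count) % (SPACE - 1)


if __name__ == "__main__":
    for n in (100, 1024, 5000):
        print(f"{n:5d} random labels: P(collision) = "
              f"{birthday_collision_probability(n):.4f}")
    alloc = HashedCounterAllocator()
    # Constructed sample addresses from the documentation prefix 2001:db8::/32.
    labels = [alloc.next_label("2001:db8::1", "2001:db8::2") for _ in range(5000)]
    print("hashed-counter labels distinct:", len(set(labels)) == len(labels))
```

With only 20 bits, about a thousand concurrent random labels already collide with probability near 0.39, while the counter-based allocator stays collision-free per address pair and still hides its starting point from an off-path observer.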
