Hi, I really don't like the use of the counter in Fernando's proposed algorithm:

    Flow Label = counter + F(Source Address, Destination Address, Secret Key)

It seems to me that it introduces significant predictability for a malicious observer of the packets leaving a given source. Effectively the equivalent algorithm in RFC 6437 is

    Flow Label = F(Srce Addr, Dest Addr, Protocol #, Srce Port, Dest Port, Secret Key)

which is less predictable, even if the port number is not randomized.

I'll have more to say once a current investigation of algorithms by a student is finished.

Regards
   Brian Carpenter

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
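
An added example, not part of the original message or of either specification: it generates labels with both formulas quoted above for six consecutive flows between one address pair and compares the differences an on-path observer would see. Assumptions: F is HMAC-SHA256 truncated to 20 bits, the counter is a single per-host value incremented once per new flow, and the addresses, key and ports are constructed.

```python
import hashlib
import hmac
import ipaddress

MASK = (1 << 20) - 1  # the IPv6 Flow Label field is 20 bits wide

def F(key, *fields):
    """Assumed PRF: HMAC-SHA256 over fixed-width fields, cut to 20 bits."""
    digest = hmac.new(key, b"".join(fields), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & MASK

def addr(text):
    return ipaddress.IPv6Address(text).packed  # always 16 bytes

class CounterLabeler:
    """Flow Label = counter + F(src, dst, key), counter bumped per flow."""
    def __init__(self, key, start):
        self.key, self.counter = key, start

    def label(self, src, dst):
        value = (self.counter + F(self.key, addr(src), addr(dst))) & MASK
        self.counter += 1  # assumption: one global counter, step of 1
        return value

def tuple_label(key, src, dst, proto, sport, dport):
    """Flow Label = F(src, dst, proto, sport, dport, key)."""
    return F(key, addr(src), addr(dst), bytes([proto]),
             sport.to_bytes(2, "big"), dport.to_bytes(2, "big"))

def deltas(labels):
    """Differences between successive labels, modulo 2**20."""
    return [(b - a) & MASK for a, b in zip(labels, labels[1:])]

def demo():
    key = b"constructed-secret-key"           # constructed sample key
    src, dst = "2001:db8::1", "2001:db8::2"   # documentation prefix
    ports = range(50000, 50006)               # sequential, not randomized
    gen = CounterLabeler(key, start=0xABCDE)
    counter_labels = [gen.label(src, dst) for _ in ports]
    tuple_labels = [tuple_label(key, src, dst, 6, p, 443) for p in ports]
    return deltas(counter_labels), deltas(tuple_labels)

if __name__ == "__main__":
    counter_deltas, tuple_deltas = demo()
    print("counter scheme deltas:", counter_deltas)
    print("5-tuple scheme deltas:", tuple_deltas)
```

With the counter formula F is constant for a fixed address pair, so every difference equals the number of flows the host opened in between; the 5-tuple formula shows no such relation even though the source ports are sequential.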
