In your previous mail you wrote:
If I understand you correctly, you think it is not good to have the
flow-label carry "in clear" information which is also carried in parts
of the transport header, which is hidden through encryption.
=> I am afraid that the paranoic security guy (and usually he is)
will simply say: flow label is supposed to be a pseudo-random number,
someone is using it as a cover channel, just reset it to zero.
I agree this will be a silly attitude but in fact the flow label was
not designed to do that (for years we don't use it and now we fight
for keeping it for us :-).
Well, the source and destination, are in clear.... But, if one wants to
protect
the flow label, then the packet can be encrypted in tunnel mode, to hide
everything in the IPv6 maim header.
=> I am not a IPsec == VPN person. My real concern is I'd like to keep
the flow label for IntServ, and to give to DiffServ more flexibility
(ie. more/enough bits). I have no opinion about MPLS...
Thanks
[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
