Re: Higher level question about flow label

[Bill Sommerfeld]

>  > It seems that it would be appropriate for an implementation to
>  > "reclassify" packets at the time of encapsulation into ESP -- the
>  > packet is, after all, going through a logical trust boundary as it's
>  > being encrypted..
> 
>    If I understand Brian's concern correctly, that may
>    not necessarily be the case. The security gateway may
>    be on egress from my network and hence controlled by me.
...

>    luserdata------------>SG---------------------->AR
>                      (classifies,              (polices
>                     remarks dscp,             SLA against
>                     encrypts)                 DSCP, remarks)

No, there are two trust boundaries in the above network; the
subscriber's is inside SG, and the provider's is inside AR...

                                        - Bill

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------