Scott,

> the diffserv field is not encrypted so I am not compelled by this
> example
>

If by this you mean that the flow label is not covered
by AH then I agree that this is a weakness in the flow label proposal.
The end node cannot check that the flow label wasn't changed
in transit. To really allow authenticated QoS, it
would need to be included in packet authentication.

As for the traffic class field, I think it might be difficult to
include it into any encryption or authentication calculation
in any case, because, as I understand its definition, it was defined
to be mutable to allow different networks to apply
different kinds of diffserv classifications.

            jak

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
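
The point made in the message above, as an added example that is not part of the original e-mail: an AH-style integrity check zeroes the IPv6 base-header fields treated as mutable (traffic class, flow label, hop limit) before computing the ICV, so a receiver cannot tell whether the flow label was rewritten in transit, while a change to an address is caught. Assumptions: the ICV is simplified to HMAC-SHA-256 truncated to 128 bits over the base header and payload only (real AH also covers the AH header and extension headers), and the key, addresses and payload are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

def ipv6_header(traffic_class, flow_label, payload_len, next_header, hop_limit, src, dst):
    """Pack a 40-byte IPv6 base header."""
    word0 = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack("!IHBB", word0, payload_len, next_header, hop_limit) + src + dst

def ah_icv_input(header):
    """Return the header with the mutable fields zeroed, as AH does before the ICV."""
    buf = bytearray(header)
    buf[0] &= 0xF0               # keep version, clear upper 4 bits of traffic class
    buf[1:4] = b"\x00\x00\x00"   # lower 4 bits of traffic class + 20-bit flow label
    buf[7] = 0                   # hop limit
    return bytes(buf)

def ah_style_icv(key, header, payload):
    """Simplified ICV (assumption): HMAC-SHA-256 truncated to 128 bits."""
    return hmac.new(key, ah_icv_input(header) + payload, hashlib.sha256).digest()[:16]

def receiver_accepts(key, header, payload, icv):
    return hmac.compare_digest(icv, ah_style_icv(key, header, payload))

def demo():
    key = b"constructed-demo-key"                      # constructed sample key
    src = ipaddress.IPv6Address("2001:db8::1").packed  # documentation prefix
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    other = ipaddress.IPv6Address("2001:db8::3").packed
    payload = b"constructed payload"
    n = len(payload)

    sent = ipv6_header(0x00, 0x12345, n, 17, 64, src, dst)
    icv = ah_style_icv(key, sent, payload)

    # A router on the path rewrites traffic class and flow label, decrements hop limit.
    relabeled = ipv6_header(0xB8, 0x54321, n, 17, 63, src, dst)
    # The destination address is immutable for AH, so this change must be detected.
    readdressed = ipv6_header(0x00, 0x12345, n, 17, 64, src, other)
    return {
        "relabeled_accepted": receiver_accepts(key, relabeled, payload, icv),
        "readdressed_accepted": receiver_accepts(key, readdressed, payload, icv),
    }

if __name__ == "__main__":
    print(demo())
```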
