Hi Charlie, Theft of service by spoofing the flow label seems to be the same risk as theft of service by spoofing the DSCP. That is discussed in RFC 2474 and RFC 2475 and I imagine the considerations are just about the same.
Brian "Charles E. Perkins" wrote: > > Hello Brian et.al., > > Brian E Carpenter wrote: > > > The one acronym summary of kre's point is: SLA. I'd venture > > to say that no QoS solution will ever work in the absence of > > an SLA. And guess what, the IETF doesn't discuss business > > models and SLAs. The most we can do is standardise tools > > that can be deployed to support SLAs. > > > > So, I think it's time for a hum on this one (the simple > > update to 2460 that Scott and I at least seem to agree > > on). > > Although I have not participated in this discussion, I have > followed it closely. I like the simple update to 2460 that you > folks seem to have agreed on, but I also believe that workable > solutions can be made that do NOT necessarily depend on SLAs. > > As a separate point, however, I would like to raise another > issue. Let's say that the flow label enables some way to > distinguish a packet flow for special or faster processing. > A malicious node could insert packets with the flow label, > possibly causing the traffic conditioner on the receiving > end to flag an exception and disrupt further traffic to the > destination. This could happen, right? This isn't any worse > than a lot of other problems that would come up a long time > before flow-label impersonation, but I wondered whether there > had been discussion about it. > > Regards, > Charlie P. -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
