On Fri, 10 Sep 2004, Bound, Jim wrote:
> The flow label should not be part of the ICV because it is permitted to
> be rewritable en route as long as it is delivered intact E2E. I say
> keep as it is today. No other comment.

But it won't be possible to verify the AH en route in any case (or are you assuming that those who do the rewriting have the keying material -- I'd be surprised to see such deployments), so it would still be rewritable as long as it's reversed. This is actually better because it would ensure that the flow label would actually be reversed if rewritten (otherwise, some deployments might be tempted to just rewrite it) because not doing so would fail end-to-end AH.

But I see the problem with breaking existing implementations (and I don't know how commonplace this is, and don't know the interoperability assumptions), so I don't have a strong preference on this either way.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
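
The trade-off discussed in this thread, as an added example that is not part of either message: a simplified ICV over the IPv6 base header and payload, computed once with the flow label zeroed as a mutable field and once with it covered. Assumptions: HMAC-SHA1-96 as the integrity algorithm, a constructed key and addresses, and no AH header or extension headers in the ICV input (real AH covers those too).

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread
FLOW_MASK = 0xFFFFF            # low 20 bits of the first header word


def ipv6_header(flow_label, hop_limit=64, traffic_class=0, payload_len=8):
    """Build a 40-byte IPv6 base header (next header 51 = AH)."""
    first_word = (6 << 28) | (traffic_class << 20) | (flow_label & FLOW_MASK)
    src = bytes.fromhex("20010db8000000000000000000000001")  # constructed
    dst = bytes.fromhex("20010db8000000000000000000000002")  # constructed
    return struct.pack("!IHBB", first_word, payload_len, 51, hop_limit) + src + dst


def rewrite_flow_label(header, new_label):
    """What an en-route node does when it rewrites the flow label."""
    word = struct.unpack("!I", header[:4])[0]
    word = (word & ~FLOW_MASK) | (new_label & FLOW_MASK)
    return struct.pack("!I", word) + header[4:]


def icv(header, payload, cover_flow_label):
    """ICV with mutable fields zeroed: class and hop limit always,
    flow label only when it is treated as mutable."""
    word = struct.unpack("!I", header[:4])[0]
    mask = 0xF0000000 | (FLOW_MASK if cover_flow_label else 0)
    canon = struct.pack("!I", word & mask) + header[4:7] + b"\x00" + header[8:]
    return hmac.new(KEY, canon + payload, hashlib.sha1).digest()[:12]


def verifies(sent, received, payload, cover_flow_label):
    """Receiver check: ICV the sender computed vs. ICV over what arrived."""
    return hmac.compare_digest(icv(sent, payload, cover_flow_label),
                               icv(received, payload, cover_flow_label))


if __name__ == "__main__":
    payload = b"\x00" * 8                            # constructed payload
    sent = ipv6_header(0x12345)
    rewritten = rewrite_flow_label(sent, 0xABCDE)    # rewritten, not restored
    restored = rewrite_flow_label(rewritten, 0x12345)
    print("label mutable, rewritten:", verifies(sent, rewritten, payload, False))
    print("label covered, rewritten:", verifies(sent, rewritten, payload, True))
    print("label covered, restored: ", verifies(sent, restored, payload, True))
```
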