Yes and good point see my response to Stephen. Thanks /jim > -----Original Message----- > From: Pekka Savola [mailto:[EMAIL PROTECTED] > Sent: Friday, September 10, 2004 1:43 PM > To: Bound, Jim > Cc: Francis Dupont; [EMAIL PROTECTED]; Stephen Kent > Subject: RE: AH and flow label > > On Fri, 10 Sep 2004, Bound, Jim wrote: > > The flow label should not be part of the ICV because it is > permitted > > to be rewritable enroute as long as it is delivered in tact E2E. I > > say keep as it is today. No other comment. > > But it won't be possible to verify the AH enroute in any case > (or are you assuming that those who do the rewriting have the > keying material > -- I'd be surprised to see such deployments), so it would > still be rewritable as long as it's reversed. > > This is actually better because it would ensure that the flow > label would actually be reversed if rewritten (otherwise, > some deployments might be tempted to just rewrite it) because > not doing so would fail end-to-end AH. > > But I see the problem with breaking existing implementations > (and I don't know how commonplace this is, and don't know the > interoperability assumptions), so I don't have strong > preference on this either way. > > -- > Pekka Savola "You each name yourselves king, yet the > Netcore Oy kingdom bleeds." > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings > >
-------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------