Stephen,

Yes it does and that means it is less painful for implementation. But still need for it to be compelling.

Thanks
/jim

> -----Original Message-----
> From: Stephen Kent [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 10, 2004 4:08 PM
> To: Bound, Jim
> Cc: Francis Dupont; Brian Haberman; [EMAIL PROTECTED]
> Subject: RE: AH and flow label
>
> At 2:56 PM -0400 9/10/04, Bound, Jim wrote:
> >OK I am worried now. Is there a security hole and potentially serious
> >problem by not including the Flowlabel in the ICV? We do need to ask
> >this question and should not ignore it. Then the trade offs can be
> >determined. But that data and what problem it solves should be fairly
> >compelling to go tell product implementors to add it.
> >
> >Thanks
> >/jim
> >
>
> Jim,
>
> Based on your comments in this message, I think there is some
> misunderstanding.
>
> We are not talking about changing AH v1; we are discussing AH v2.
> To correctly implement AH v2, one already has to be able to
> accommodate 64 bit sequence numbers, vs. the 32 bit sequence numbers
> in v1. AH v2 is still an I-D, not an RFC. So, while a change in
> whether to include the flow label in the ICV would make v2 not
> backward compatible with v1, v2 is already not backward compatible
> with v1 due to the required sequence number support difference.
>
> Does this help?
>
> Steve

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------