In your previous mail you wrote: OK I am worried now. Is there a security hole and potentially serious problem by not including the Flowlabel in the ICV?
=> according to RFC 3697 there is fortunately none. More, all attacks on flow labels can't be mitigated by including the flow label in the ICV because intermediate nodes can't check the ICV. We do need to ask this question and should not ignore it. Then the trade offs can be determined. But that data and what problem it solves should be fairly compelling to go tell product implementors to add it. => I agree: this shows all the symptoms of a gratuitous change (i.e., without clear benefits). And if we can imagine end-to-end usages of the flow label which need protection, we can imagine cases where we should make the flow label mutable... Thanks [EMAIL PROTECTED] -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
