At 2:56 PM -0400 9/10/04, Bound, Jim wrote:
OK I am worried now. Is there a security hole and potentially serious
problem by not including the Flowlabel in the ICV? We do need to ask
this question and should not ignore it. Then the trade-offs can be
determined. But that data and what problem it solves should be fairly
compelling to go tell product implementors to add it.


Thanks
/jim


Jim,

Based on your comments in this message, I think there is some misunderstanding.

We are not talking about changing AH v1; we are discussing AH v2. To correctly implement AH v2, one already has to be able to accommodate 64-bit sequence numbers, vs. the 32-bit sequence numbers in v1. AH v2 is still an I-D, not an RFC. So, while a change in whether to include the flow label in the ICV would make v2 not backward compatible with v1, v2 is already not backward compatible with v1 due to the required sequence number support difference.

Does this help?

Steve

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
