Hi, Brian,

> The flow label field is always unprotected (no IP header
> checksum, not included in transport checksums, not included in
> IPsec checksum). It cannot be verified and can be used as a
> covert channel, so it will never pass a security analysis. Thus
> some firewalls *will* decide to clear it, whatever the IETF
> wants. This is inevitable, for exactly the same reason that the
> diffserv code point is rewriteable at domain boundaries.
> 
> If this is correct, it is futile to assert that the flow label
> MUST be delivered unchanged to the destination, because we
> cannot rely on this in the real world.
> 
> Are we ready to accept this analysis?

Yes.

Note (in response to comments about the covert channel thing): the reason
for which firewalls/packet scrubbers do/will modify the flow label is
irrelevant. But assuming that it gets delivered unchanged, when it
doesn't, doesn't make sense.

Also, see the paper published by Malone (referenced in Steven Blake's
flowlabel I-D and possibly in draft-gont-6man-flowlabel-security). Some
systems don't even set *themselves* the flow-label consistently. In
practice, this is the same thing as if a middlebox was modifying it.

Thanks!

Kind regards,
-- 
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
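
The quoted point that the flow label is not covered by transport checksums, shown as an added example that is not part of the original message: a receiver's UDP checksum check still passes after the flow label is rewritten in transit, while a change to a covered field fails it. Addresses, ports and payload are constructed, and the packet is assumed to carry no extension headers.

```python
import ipaddress
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: bytes, dst: bytes, upper_len: int) -> bytes:
    # IPv6 pseudo-header: addresses, upper-layer length, next header (17 = UDP).
    # The flow label is not one of its fields.
    return src + dst + struct.pack("!I3xB", upper_len, 17)

def make_packet(flow_label: int) -> bytes:
    """Build a constructed IPv6/UDP packet (documentation-prefix addresses)."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    payload = b"constructed sample"
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", 40000, 53, udp_len, 0) + payload
    csum = internet_checksum(pseudo_header(src, dst, udp_len) + udp) or 0xFFFF
    udp = udp[:6] + struct.pack("!H", csum) + udp[8:]
    # First word: version (4 bits) | traffic class (8) | flow label (20)
    word0 = (6 << 28) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB", word0, udp_len, 17, 64) + src + dst + udp

def get_flow_label(packet: bytes) -> int:
    return struct.unpack("!I", packet[:4])[0] & 0xFFFFF

def set_flow_label(packet: bytes, flow_label: int) -> bytes:
    """What a scrubbing middlebox does: rewrite only the 20 flow label bits."""
    word0 = struct.unpack("!I", packet[:4])[0]
    word0 = (word0 & 0xFFF00000) | (flow_label & 0xFFFFF)
    return struct.pack("!I", word0) + packet[4:]

def udp_checksum_ok(packet: bytes) -> bool:
    """Receiver-side UDP checksum check (assumes no extension headers)."""
    src, dst, udp = packet[8:24], packet[24:40], packet[40:]
    return internet_checksum(pseudo_header(src, dst, len(udp)) + udp) == 0

if __name__ == "__main__":
    original = make_packet(0x12345)
    cleared = set_flow_label(original, 0)
    print(hex(get_flow_label(original)), udp_checksum_ok(original))
    print(hex(get_flow_label(cleared)), udp_checksum_ok(cleared))
```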
