Steven Blake wrote:
> draft-gont-6man-flowlabel-security assumes that you keep track of every
> allocated <src_addr, dst_addr, FL> tuple (the "if(three-tuple is unique)
> return flowlabel;" pseudo-code). If you are going to the trouble of
> doing this, there is really no reason not to just use a good PRNG to
> generate the FL value, and retry upon a 3-tuple collision.

I checked the algorithm. The "if(three-tuple is unique) return flowlabel" thing is there to check that the corresponding three-tuple is not *currently* in use -- this is to avoid the case in which a particular flow lives for such a long period of time that the flow-label sequence for that pair (src addr, dst addr) wraps while that flow is still alive (and hence there are chances of collisions).

Two comments:

* Consider this a refinement
* The difference between this algorithm (even if it includes the aforementioned "if()") and the simple PRNG approach is that with the simple PRNG you could end up selecting a flow label that is not *currently* in use, but that was in use less than 120 seconds ago -- thus violating the spec.

Thanks!

Kind regards,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
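
The distinction drawn in the message above, as an added example that is not part of the original thread or the draft's own pseudo-code: a small simulation that applies the same "three-tuple is currently unique" check to a per-(src, dst) label sequence and to a PRNG with retry, and counts how often each hands out a label released less than 120 seconds earlier. The keyed-hash offset, the class and function names, the addresses, and the 256-value label space (the real Flow Label field is 20 bits; the small space only makes reuse visible in a short run) are assumptions.

```python
import hashlib
import random

QUARANTINE = 120  # seconds; the reuse interval the message refers to

def offset(src, dst, secret, space):
    # Assumed form of the per-(src, dst) starting point: a keyed hash of the pair.
    h = hashlib.sha256(secret + src.encode() + b"|" + dst.encode()).digest()
    return int.from_bytes(h[:4], "big") % space

class Allocator:
    def __init__(self, space, mode, secret=b"constructed-secret", seed=1):
        self.space, self.mode, self.secret = space, mode, secret
        self.rng = random.Random(seed)  # stand-in for a good PRNG, seeded for repeatability
        self.live = set()               # three-tuples currently in use
        self.released = {}              # three-tuple -> time it was last released
        self.counter = {}               # (src, dst) -> next sequence value
        self.violations = 0             # labels reused less than QUARANTINE s after release

    def open(self, src, dst, now):
        for _ in range(self.space):
            if self.mode == "prng":
                fl = self.rng.randrange(self.space)
            else:                       # "seq": offset plus a per-pair counter
                n = self.counter.get((src, dst), 0)
                self.counter[(src, dst)] = n + 1
                fl = (offset(src, dst, self.secret, self.space) + n) % self.space
            tup = (src, dst, fl)
            if tup in self.live:        # the "if (three-tuple is unique)" check
                continue
            if now - self.released.get(tup, -QUARANTINE) < QUARANTINE:
                self.violations += 1    # unique right now, but in use < 120 s ago
            self.live.add(tup)
            return fl
        raise RuntimeError("no free flow label for this address pair")

    def close(self, src, dst, fl, now):
        self.live.discard((src, dst, fl))
        self.released[(src, dst, fl)] = now

def simulate(mode, flows=200, space=256):
    a = Allocator(space, mode)
    src, dst = "2001:db8::1", "2001:db8::2"  # constructed documentation addresses
    for t in range(flows):              # one flow opened per second, each lasting 1 s
        fl = a.open(src, dst, t)
        a.close(src, dst, fl, t + 1)
    return a.violations
```

With 200 one-second flows in a 256-label space, the sequence never revisits a label, while the PRNG repeatedly picks labels that are free at that instant but were released seconds earlier.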