> Have you looked at the security implications? Suppose that an > attacker can predict the hash algorithm used by a router. This > attacker could then pick "interesting" values of the flow ID, to > get the flow of traffic directed to particular paths, or not. For > example, they could systematically but a different flow label to > each packet to ensure the traffic is spread over all available > paths.
Yes, this is a potential problem. That said, the router has no assurance that the Flow Label values are not predictable, since it is others that set its value. Thus, no router can *depend* on the properties of the Flow Label to be psuedo random. Thus, nothing we require of the sender can obviate the need for a router to assume worst-case behavior from a DOS perspective. I.e., routers would do well (if they are concerned) to do something not predicitable in terms of the hash it uses. Yes, that increases the cost of the hash, but in today's world of Bad Guys doing Evil Things, it may just be a cost of doing business. :-( But IMO, it is not a requirement for the sender to choose psuedo-random values for the Flow ID, and because there is no way to enforce that in general there doesn't seem to me to be clear reason to do so. Routers will not be able to rely on such properties in any case, which is what the real issue is. Thomas -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
