Jarno Rajahalme <jarno.rajaha...@nsn.com> writes:
> > ISSUE 5. Section 2 says: > > > > IPv6 nodes MUST NOT assume that the Flow Label value in a incoming > > packet is identical to the value set by the source node. > > > > QUESTION: This needs to be reconciled with the security usage mentioned in > > draft-gont-. Would SHOULD NOT be acceptable? IMO, "MUST NOT" is the wrong word. What we want to say here is that it is possible for intruders, Bad Guys, and broken implementations to produce packets in which the Flow Label is not identical to its original value. Implementations MUST (SHOULD?) take necessary steps to protect themselves from being vulnerable to DOS and other types of attack that could result. Or something like that. I.e., give the implementor some practice advice, rather than making this a protocol requirement. And if we have some examples of the kinds of bad things that an implementation should look out for, list a few of them. Thomas -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
