Fernando Gont <ferna...@gont.com.ar> wrote:
> On 06/04/2011 05:44 p.m., John Leslie wrote:
>> Fernando Gont <ferna...@gont.com.ar> wrote:
>>> * We want Flow Labels that are unpredictable by off-path attackers (history
>>>   has taught us that this is a good proactive measure)
>> 
>> I'm afraid I don't follow: what sort of attack could an off-path
>> attacker mount by correctly guessing the Flow Label?
> 
> Play with ECMP/LAG.

   I'm afraid you'll need to be more specific: I still don't see an
attack against the sender here.

> And, it's clear you could never implement something like
> draft-blake-ipv6-flow-label-nonce-02 if FLs are predictable.

   I did think of that, but decided I'd never want to use such a thing.
There are quite a few better ways to accomplish the goal, and far too
many opportunities for middleboxes to screw it up.

--
John Leslie <j...@jlc.net>
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
