On 03 May 2011, at 17:58, Brian E Carpenter wrote:
>> and also the apparent decision to write these documents 
>> in a manner intended to legislate reasonable security measures 
>> (if applicable only in selected deployments) out of existence.
> 
> I don't understand this comment. The flow label has always been
> defined as immutable; the consensus in the WG is to keep that
> property. So a firewall that overwrites it is unambiguously
> breaking the standard.


Brian,

The flow label has been modified by routers/security gateways 
for many years now.  It is not a new event.  I was first aware
of it circa 1997.  As near as I can tell, this has been done
for security reasons the whole time.  Those security reasons
are in fact reasonable, albeit not applicable to all environments.

Pretending those legitimate security considerations don't exist 
is actively harmful, which is why the operational practice is 
not new.  IPv6 specifications should reflect reality, 
not a theoretical world that we know does not exist
(and never has, or at least hasn't existed for ~15 years now).

I proposed edits that are reasonable.  This WG has not
considered those edits.  It is not obvious to me that 
there is any consensus, either way, on the current 
wording or on the proposed wording.  There should be 
further WG discussion if you really believe the proposed
edit is technically unsound, otherwise the edit ought 
to be made (or a wordsmithed version of it).

Yours,

Ran

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
