Ran,

I'm obliged to repeat myself: there has been endless feedback in the
WG that the flow label remains defined as immutable, so any middlebox
that changes it is violating the standard.

Of course the chairs can tell me this is now an open issue, but we
have been over it many times.

Regards
   Brian

On 2011-05-06 00:55, RJ Atkinson wrote:
> On 03  May 2011, at 17:58 , Brian E Carpenter wrote:
>>> and also the apparent decision to write these documents 
>>> in a manner intended to legislate reasonable security measures 
>>> (if applicable only in selected deployments) out of existence.
>> I don't understand this comment. The flow label has always been
>> defined as immutable; the consensus in the WG is to keep that
>> property. So a firewall that overwrites it is unambiguously
>> breaking the standard.
> 
> 
> Brian,
> 
> The flow label has been modified by routers/security gateways 
> for many years now.  It is not a new event.  I was first aware
> of it circa 1997.  As near as I can tell, this has been done
> for security reasons the whole time.  Those security reasons
> are in fact reasonable, albeit not applicable to all environments.
> 
> Pretending those legitimate security considerations don't exist 
> is actively harmful, which is why the operational practice is 
> not new.  IPv6 specifications should reflect reality, 
> not a theoretical world that we know does not exist
> (and never has, or at least hasn't existed for ~15 years now).
> 
> I proposed edits that are reasonable.  This WG has not
> considered those edits.  It is not obvious to me that 
> there is any consensus, either way, on the current 
> wording or on the proposed wording.  There should be 
> further WG discussion if you really believe the proposed
> edit is technically unsound, otherwise the edit ought 
> to be made (or a wordsmithed version of it).
> 
> Yours,
> 
> Ran
> 
> 
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
