Hi, Brian, On 01/23/2012 10:18 PM, Brian E Carpenter wrote: > I really don't like the use of the counter in Fernando's proposed algorithm: > > Flow Label = counter + F(Source Address, Destination Address, Secret Key) > > It seems to me that it introduces significant predictability for a malicious > observer of the packets leaving a given source.
As noted off-list, I personally think that rather than proposing a single algorithm, we should describe a set of algorithms, a la RFC 6056 -- as there a number of tradeoffs- > Effectively the equivalent algorithm in RFC 6437 is > > Flow Label = F(Srce Addr, Dest Addr, Protocol #, Srce Port, Dest Port, > Secret Key) > > which is less predictable, even if the port number is not randomized. If the attacker can predict the algorithm in draft-gont-6man-flowlabel-security-02.txt, he knows the IPv6 addresses of the two endpoints, and the secret key. So I don't see what'd be the real improvement of this variant. That said, it also seems technically incorrect: If you expect the resulting (src ip, dst ip, flow label) to be unique, then introducing the port numbers in F() could lead to unnecessary collisions. Yes, now that the requirement of uniqueness has been relaxed, collisions are less important... but I don't see what's the "gain" of the modified expression you suggest above. Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: fg...@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------