Re: [Ipsec] draft-ietf-ipsec-rfc2402bis-07.txt ... Suggest moving the "Flow Label" IPv6 base header field to "immutable" and protecting with AH

Francis Dupont <Francis.Dupont@enst-bretagne.fr> Fri, 03 September 2004 22:58 UTC

Message-Id: <200409032247.i83MlKSj064922@givry.rennes.enst-bretagne.fr>
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
To: Stephen Kent <kent@bbn.com>
Subject: Re: [Ipsec] draft-ietf-ipsec-rfc2402bis-07.txt ... Suggest moving the "Flow Label" IPv6 base header field to "immutable" and protecting with AH
In-reply-to: Your message of Fri, 03 Sep 2004 12:45:18 EDT. <p06110404bd5e4e22bba4@[128.89.89.75]>
Date: Sat, 04 Sep 2004 00:47:20 +0200
Cc: ipsec@ietf.org

 In your previous mail you wrote:

   >The flow label in IPv6 is chosen by the source node, and must be delivered
   >to the ultimate destination without having been changed in transit, unlike
   >the DSCP or ECN QoS-related fields for IPv6.
   >
   >I suggest, since it is constant end-to-end, the field be moved to
   >"immutable" and protected by AH.
   
   We copied the text from 2402, and nobody had noticed the error there 
   in almost 6 years! Good catch.
   
   We will change the 2402bis text accordingly.
   
=> Please check with the IPv6 WG. BTW this is not an error, the flow
label was specified in detail only by RFC 3697 (published in March).
BTW, there is no real need to protect the flow label (look at the
RFC 3697 security considerations for attacks based on altered flow
labels) and for compatibility with current IPv6/IPsec implementations
I *really* prefer we keep the current situation, i.e., flow label
field *not* in "immutable".

Thanks

Francis.Dupont@enst-bretagne.fr
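The disagreement above is about one concrete step of AH processing: before the ICV is computed, every field the specification classes as "mutable" is set to zero, so a change to such a field in transit is invisible to the integrity check, while a change to an "immutable" field makes verification fail. The following example, added here and not code from either correspondent or from the draft, builds an IPv6 base header plus a constructed AH header, computes an HMAC-SHA1-96 ICV under both policies (flow label zeroed, which is the current 2402 text Francis wants to keep, versus flow label covered, which is the proposed change), and shows what a receiver sees when a node on the path rewrites the flow label. Addresses, SPI, key and payload are constructed sample values; the hop-limit decrement is included to show a field that both policies agree is mutable.

```python
"""Added example: AH ICV coverage of the IPv6 flow label under two policies.

Not from the mailing-list thread or from 2402bis. Key, SPI, addresses and
payload below are constructed demo values.
"""
import hashlib
import hmac
import struct

IPV6_NEXT_HEADER_AH = 51
KEY = b"constructed-demo-key-not-a-real-key"  # constructed; not secret


def ipv6_header(flow_label, payload_len, hop_limit, src, dst, dscp=0, ecn=0):
    """Build a 40-byte IPv6 base header whose next header is AH."""
    traffic_class = (dscp << 2) | ecn
    word0 = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB", word0, payload_len, IPV6_NEXT_HEADER_AH, hop_limit) + src + dst


def zero_mutable(hdr, flow_label_immutable):
    """Return the header as the ICV computation sees it.

    DSCP, ECN and Hop Limit are zeroed under both policies. The flow label
    is zeroed only when it is treated as mutable (the current 2402 text);
    under the proposed change it is kept and therefore covered by the ICV.
    """
    word0 = struct.unpack("!I", hdr[:4])[0]
    version = word0 >> 28
    flow = (word0 & 0xFFFFF) if flow_label_immutable else 0
    word0 = (version << 28) | flow  # traffic class (DSCP + ECN) zeroed
    return struct.pack("!I", word0) + hdr[4:7] + b"\x00" + hdr[8:]  # hop limit zeroed


def ah_header_for_icv(next_header, spi, seq):
    """AH fixed fields with the 12-byte ICV zeroed, as required before
    computing it. Payload Len is in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4."""
    return struct.pack("!BBHII", next_header, 4, 0, spi, seq) + b"\x00" * 12


def ah_icv(hdr, ah_fields, payload, key, flow_label_immutable):
    """HMAC-SHA1-96 (RFC 2404 style) over zeroed IP header || AH || payload."""
    covered = zero_mutable(hdr, flow_label_immutable) + ah_fields + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:12]


def receiver_accepts(flow_label_immutable, rewritten_flow_label=None, hop_limit_after=63):
    """Sender computes the ICV, the path decrements Hop Limit and optionally
    rewrites the flow label, the receiver recomputes. True if the ICV matches."""
    src = bytes.fromhex("20010db8000000000000000000000001")  # constructed
    dst = bytes.fromhex("20010db8000000000000000000000002")  # constructed
    payload = b"constructed upper-layer data"
    ah = ah_header_for_icv(next_header=17, spi=0x1000, seq=1)  # constructed SPI
    payload_len = len(ah) + len(payload)
    original_flow = 0x12345

    sent = ipv6_header(original_flow, payload_len, 64, src, dst)
    icv = ah_icv(sent, ah, payload, KEY, flow_label_immutable)

    flow_on_arrival = original_flow if rewritten_flow_label is None else rewritten_flow_label
    received = ipv6_header(flow_on_arrival, payload_len, hop_limit_after, src, dst)
    return hmac.compare_digest(icv, ah_icv(received, ah, payload, KEY, flow_label_immutable))


if __name__ == "__main__":
    print("flow label mutable,   label rewritten:", receiver_accepts(False, 0xABCDE))  # True
    print("flow label immutable, label rewritten:", receiver_accepts(True, 0xABCDE))   # False
    print("flow label immutable, only hop limit: ", receiver_accepts(True))            # True
```

The run shows the trade-off the two mails describe: with the flow label in the mutable set, a rewrite on the path goes undetected but the packet still verifies, which is the interoperability property Francis wants to preserve; with it in the immutable set, the same rewrite is detected as an integrity failure and the packet is dropped. The hop-limit decrement verifies under both, because both agree it is mutable. The revised AH specification later published as RFC 4302 kept the flow label in the mutable set, with a note that this was done for compatibility with existing implementations.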
