Re: Pseudorandom Flow Labels

Fernando Gont <> Wed, 06 April 2011 22:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 00DE83A692F for <>; Wed, 6 Apr 2011 15:14:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vgm3JFuto3CE for <>; Wed, 6 Apr 2011 15:14:36 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 4B5E63A67E9 for <>; Wed, 6 Apr 2011 15:14:36 -0700 (PDT)
Received: by yic13 with SMTP id 13so902850yic.31 for <>; Wed, 06 Apr 2011 15:16:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:sender:message-id:date:from:user-agent :mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=nX+9GbpI+FZdo33lPy/zotI5DZA6+WnQ9ouZjvVQjGw=; b=OHdlBBzS19NeSJrm4x788ce1JtXo+euZ6WvRFIa50Q23UmsKT2eBvVpTf/nyoDYAiz T57nNhLlT921vBtAarbwAiGFis/csbe/ODPOF2RHv4m8iUBZRST0qT/1bu+xJb6pJK3E 8Wq07y3p1cqMAWWS0jpW48C9FLuTpiAFsku/o=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=qXjExgVLXrWAe1UGC9uLY+5bR1JfuIEundnV9UhBw2R9Pvh26K2RgLX6tZf0yQleEl WKrCtjj0A6tnUGZYFK43QSA47i+Wsh2PBiMhy1vl5ly9G0QoQ1B0zfdrGNBx1y3nBmGY bE8xXYakaeVw0ScTLuf7/7iVeazCzaqxr6V74=
Received: by with SMTP id n12mr175954ybe.16.1302128180144; Wed, 06 Apr 2011 15:16:20 -0700 (PDT)
Received: from [] ([]) by with ESMTPS id t5sm590849ybe.14.2011. (version=TLSv1/SSLv3 cipher=OTHER); Wed, 06 Apr 2011 15:16:18 -0700 (PDT)
Sender: Fernando Gont <>
Message-ID: <>
Date: Wed, 06 Apr 2011 19:16:12 -0300
From: Fernando Gont <>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: Shane Amante <>
Subject: Re: Pseudorandom Flow Labels
References: <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.1.1
OpenPGP: id=D076FFF1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Thomas Narten <>, 6man List <>
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 06 Apr 2011 22:14:37 -0000

Hi, Shane,

On 06/04/2011 06:44 p.m., Shane Amante wrote:

>> * We want Flow Labels that unpredictable by off-path attackers
>> (history has taught us that this is a good proactive measure) * We
>> want an algorithm for generating FL that produces FLs that do not 
>> repeat with a high frequency (i.e., they are distributed normally)
> I like your (attempt at) a more precise definition that Thomas has
> been asking for.
> I would think another desirable property of (host-generated?)
> flow-labels might be that, by default, they strive to preserve
> privacy of the transmitter.  IOW, flow-labels cannot be used to track
> individuals (over time), because they are traceable back to a
> particular implementation or, worse, a specific device.

While I agree with this, this seems to be like a requirement for

That is, if all hosts in my local network set the FL with random(), and
only my hosts implements the hash based scheme in e.g.
draft-gont-flowlabel-security, then you might argue that the FL could be
exploited to track me (or well, actually identify my host in my local
network, even if I'm using privacy addresses).

But this is already the case for virtually all protocol parameters on
which there's some room for choice. (From TCP's initial window to IPv6
Hop Limit value, etc.)

Fernando Gont
e-mail: ||
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1