>   Another option for products that want to look at layer 4 information is
>   to define a new destination option.  One can put whatever they want in
>   those.
>=> this idea is not so silly if this destination option is at the new
>position, i.e. between the routing header and the fragment header.
>This will solve the fragment classification issue (to keep some state
>works only if fragments are in the suitable order, at least one common OS
>sends the last fragment first). Of course an encapsulation device can
>repeat it in the outer header (like tunnel encapsulation limit option).

        the option was explored a bit in ipsec working group (NAT-friendly
        ipsec proposal).  not sure about the current status, or security
        implication/threat model (for example, if I were an attacker, I'd
        try to sniff/decrypt traffic with a port # for banking transaction!).

itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
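
The idea discussed in the thread, as an added example that is not part of the original messages: a stateless classifier reads layer 4 ports from a destination option placed before the fragment header, so a last fragment that arrives first can still be classified. The option type `0x1E` (an RFC 4727 experimental value), its 4-byte port layout, and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

HOP, ROUTING, FRAGMENT, DSTOPTS = 0, 43, 44, 60
L4_HINT = 0x1E  # assumption: experimental option type; 4-byte layout is hypothetical

def find_hint(opts):
    """Scan a TLV option area; return (sport, dport) from the hint option, else None."""
    i = 0
    while i < len(opts):
        if opts[i] == 0:                      # Pad1: one byte, no length field
            i += 1
            continue
        if i + 2 > len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("option overruns its header")
        otype, olen = opts[i], opts[i + 1]
        if otype == L4_HINT and olen == 4:
            return struct.unpack("!HH", opts[i + 2:i + 6])
        i += 2 + olen                         # PadN and unknown options are skipped
    return None

def classify(pkt):
    """Classify one packet or fragment using only headers before the fragment header."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, ports, frag_off = pkt[6], 40, None, None
    while nh in (HOP, ROUTING, DSTOPTS):      # unfragmentable part only
        hlen = (pkt[off + 1] + 1) * 8 if off + 2 <= len(pkt) else 8
        if off + hlen > len(pkt):
            raise ValueError("truncated extension header")
        if nh == DSTOPTS and ports is None:
            ports = find_hint(pkt[off + 2:off + hlen])
        nh, off = pkt[off], off + hlen
    if nh == FRAGMENT:
        if off + 8 > len(pkt):
            raise ValueError("truncated fragment header")
        frag_off = struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3  # 8-octet units
        nh = pkt[off]                         # protocol of the fragmented payload
    return {"proto": nh, "ports": ports, "frag_offset": frag_off}

def sample_last_fragment():
    """Constructed packet: last fragment of a TCP segment, hint option ahead of it."""
    dstopts = bytes([FRAGMENT, 0, L4_HINT, 4]) + struct.pack("!HH", 49152, 443)
    frag = struct.pack("!BBHI", 6, 0, 185 << 3, 0x1234ABCD)   # offset 185, M flag 0
    payload = dstopts + frag + bytes(16)
    addr = ipaddress.IPv6Address("2001:db8::1").packed        # documentation prefix
    return struct.pack("!IHBB", 6 << 28, len(payload), DSTOPTS, 64) + addr + addr + payload
```

Because the ports travel in cleartext outside the fragmented payload, the same parsing is available to any on-path observer, which is the threat-model concern raised in the reply.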
