On Monday 07 December 2009 05:16:26 pm Stephen Kent wrote:
> Paul,
>
> From your comments it seems as though an IP option would be
> preferable, as it is not IP-sec-specific, and it can be protected if
> needed, in the IPSec context, e.g., via tunneling.

Exactly. Since the option would be immutable it could also be protected with AH allowing for intermediate nodes to apply security policy based on the label. Although I do understand AH is falling out of favor.

--
paul moore
linux @ hp
