On 02 Jan 2012, at 14:15 , Jack Kohn wrote: > In case of IPv4, which field in the IP header > are you most interested in protecting?
An IPv4 example would be validating the [FIPS-188] IPv4 option, which can't be protected any other way. That option is supported by a range of operating systems, both commercial and open-source. I'm told by a a major computer vendor that Linux supports this for both IPv4 and IPv6. The option reportedly is deployed in environments ranging from certain large financial institutions to governments. Some devices that perform IP routing also perform security checks that ensure the label on a given packet is in range for the output interface; end systems also separately need to trust the label integrity. Similar IPv6 examples exist. Yours, Ran _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
