On 02  Jan 2012, at 14:15 , Jack Kohn wrote:
> In case of IPv4, which field in the IP header
> are you most interested in protecting?

An IPv4 example would be validating the [FIPS-188]
IPv4 option, which can't be protected any other way.  

That option is supported by a range of operating systems,
both commercial and open-source.  I'm told by a
a major computer vendor that Linux supports this 
for both IPv4 and IPv6.  The option reportedly 
is deployed in environments ranging from certain 
large financial institutions to governments.
Some devices that perform IP routing also perform
security checks that ensure the label on a given
packet is in range for the output interface;
end systems also separately need to trust
the label integrity.

Similar IPv6 examples exist.

Yours,

Ran

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to