> An IPv4 example would be validating the [FIPS-188]
> IPv4 option, which can't be protected any other way.
>
> That option is supported by a range of operating systems,
> both commercial and open-source. I'm told by a
> major computer vendor that Linux supports this
> for both IPv4 and IPv6. The option reportedly
> is deployed in environments ranging from certain
> large financial institutions to governments.
> Some devices that perform IP routing also perform
> security checks that ensure the label on a given
> packet is in range for the output interface;
> end systems also separately need to trust
> the label integrity.
>
> Similar IPv6 examples exist.

And I would like to know what those are.

So you suggest that AH should be retained and encouraged since it supports the FIPS-188 IP option. Great. What about IPv6? I am curious to know if you can come up with yet another esoteric extension header or application that only a handful of people know and have used - the way you have come up with IPv4.

Jack
