> An IPv4 example would be validating the [FIPS-188]
> IPv4 option, which can't be protected any other way.
>
> That option is supported by a range of operating systems,
> both commercial and open-source.  I'm told by a
> a major computer vendor that Linux supports this
> for both IPv4 and IPv6.  The option reportedly
> is deployed in environments ranging from certain
> large financial institutions to governments.
> Some devices that perform IP routing also perform
> security checks that ensure the label on a given
> packet is in range for the output interface;
> end systems also separately need to trust
> the label integrity.
>
> Similar IPv6 examples exist.

And i would like to know what those are.

So you suggest that AH should be retained and encouraged since it
supports FIPS-188 IP option. Great.

What about IPv6? I am curious to know if you can come up with yet
another esoteric extension header or application that only a handful
of people know and have used - the way you have come up with IPv4.

Jack
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to