
Question on Extension Header Order



Folks,

I noticed that the recommended order of extension headers shown in section
4.1 has changed from

           IPv6 header
           Hop-by-Hop Options header
           Destination Options header (note 1)
           Routing header
           Fragment header
           Authentication header (note 2)
           Encapsulating Security Payload header (note 2)
           Destination Options header (note 3)
           upper-layer header

in RFC 1883 to

           IPv6 header
           Hop-by-Hop Options header
           Destination Options header (note 1)
           Routing header
           Fragment header
           Encapsulating Security Payload header (note 2)
           Authentication header (note 2)
           Destination Options header (note 3)
           upper-layer header

in the draft.  My question is why the order of the Authentication
header and the Encapsulating Security Payload header was switched.
My understanding of the direction of the IPSec WG leads me to conclude
that either order may appear, based on the security policy being
implemented, and that the order in RFC 1883 would be the order most
often encountered.

I suggest changing note 2 to:

           note 2: the order of the two security headers is based on
                   security policy.  Additional recommendations
                   regarding the relative order of the Authentication
                   and Encapsulating Security Payload headers are given
                   in [draft-ietf-ipsec-arch-sec-01.txt].

Charlie
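
An added example, not part of the original message or of either specification text: a Python walker that follows the Next Header chain of an IPv6 packet and reports the AH/ESP order visible on the wire. The packets, SPI values and function names are constructed for illustration.

```python
import struct

# IANA protocol numbers for the headers named in the message.
HBH, ROUTING, FRAGMENT, ESP, AH, DSTOPTS = 0, 43, 44, 50, 51, 60
NAMES = {HBH: "Hop-by-Hop", ROUTING: "Routing", FRAGMENT: "Fragment",
         ESP: "ESP", AH: "AH", DSTOPTS: "DestOpts"}

def header_chain(packet):
    """Return the extension header names in the order they appear on the wire."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], 40, []
    while nxt in NAMES:
        chain.append(NAMES[nxt])
        if nxt == ESP:
            break  # what follows the ESP header is opaque without the key
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            size = 8                          # fixed length
        elif nxt == AH:
            size = (packet[off + 1] + 2) * 4  # AH counts 32-bit words
        else:
            size = (packet[off + 1] + 1) * 8  # 8-octet units, first one not counted
        nxt, off = packet[off], off + size
    return chain

def security_order(chain):
    """Describe the AH/ESP order a parser without keys can observe."""
    sec = tuple(h for h in chain if h in ("AH", "ESP"))
    return {("AH", "ESP"): "AH then ESP", ("ESP",): "ESP first",
            ("AH",): "AH only"}.get(sec, "no security headers")

def build(first, *headers):
    """Constructed test packet: ::1 -> ::1 with the given extension headers."""
    body = b"".join(headers)
    addr = bytes(15) + b"\x01"
    return struct.pack("!IHBB", 6 << 28, len(body), first, 64) + addr + addr + body

# Constructed sample headers (SPI values are arbitrary).
HBH_HDR = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])           # one PadN option
RT_HDR = bytes([AH, 0, 0, 0, 0, 0, 0, 0])                 # type 0, no addresses
AH_HDR = bytes([ESP, 4, 0, 0]) + struct.pack("!I", 0x1000) + bytes(16)
ESP_HDR = struct.pack("!I", 0x2000) + bytes(16)           # SPI + opaque data
PKT_AH_ESP = build(HBH, HBH_HDR, RT_HDR, AH_HDR, ESP_HDR)
PKT_ESP_FIRST = build(ESP, ESP_HDR)

if __name__ == "__main__":
    for pkt in (PKT_AH_ESP, PKT_ESP_FIRST):
        print(" -> ".join(header_chain(pkt)), "|", security_order(header_chain(pkt)))
```

With ESP first, the walker stops at ESP, so an Authentication header carried behind it cannot be observed without the key.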

