Question on Extension Header Order
Folks,
I noticed that the recommended order of extension headers shown in section
4.1 has changed from
    IPv6 header
    Hop-by-Hop Options header
    Destination Options header (note 1)
    Routing header
    Fragment header
    Authentication header (note 2)
    Encapsulating Security Payload header (note 2)
    Destination Options header (note 3)
    upper-layer header
in RFC 1883 to
    IPv6 header
    Hop-by-Hop Options header
    Destination Options header (note 1)
    Routing header
    Fragment header
    Encapsulating Security Payload header (note 2)
    Authentication header (note 2)
    Destination Options header (note 3)
    upper-layer header
in the draft. My question is why the order of the Authentication
header and the Encapsulating Security Payload header was switched.
My understanding of the direction of the IPSec WG leads me to conclude
that either order may appear, based on the security policy being
implemented, and that the order in RFC 1883 would be the order most
often encountered.
I suggest changing note 2 to:
    note 2: the order of the two security headers is based on
            security policy. Additional recommendations
            regarding the relative order of the Authentication
            and Encapsulating Security Payload headers are given
            in [draft-ietf-ipsec-arch-sec-01.txt].
Charlie
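
Added example, not part of the original message: a receiver or filter that cares about the relative order of the two security headers has to walk the Next Header chain, and the walk stops at ESP because its contents cannot be parsed from the wire. The function names, result strings and sample packets below are constructed for illustration.

```python
import struct

# IANA protocol numbers used as IPv6 Next Header values.
HBH, ROUTING, FRAGMENT, ESP, AH, DSTOPTS = 0, 43, 44, 50, 51, 60
NAMES = {HBH: "Hop-by-Hop", ROUTING: "Routing", FRAGMENT: "Fragment",
         ESP: "ESP", AH: "AH", DSTOPTS: "DestOpts"}

def walk_chain(packet: bytes) -> list:
    """List the extension headers of a raw IPv6 packet in wire order."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], 40, []
    while nxt in NAMES:
        chain.append(NAMES[nxt])
        if nxt == ESP:
            break  # ESP has no cleartext Next Header up front; walk ends here
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            size = 8                          # fixed length
        elif nxt == AH:
            size = (packet[off + 1] + 2) * 4  # length counted in 4-octet units
        else:
            size = (packet[off + 1] + 1) * 8  # length counted in 8-octet units
        if off + size > len(packet):
            raise ValueError("extension header overruns packet")
        later_fragment = nxt == FRAGMENT and struct.unpack_from("!H", packet, off + 2)[0] >> 3
        nxt, off = packet[off], off + size
        if later_fragment:
            break  # non-first fragment: what follows is not a header
    return chain

def security_order(chain: list) -> str:
    """Describe the relative order of AH and ESP as seen on the wire."""
    sec = [h for h in chain if h in ("AH", "ESP")]
    return {(): "no security headers", ("AH",): "AH only", ("ESP",): "ESP outermost",
            ("AH", "ESP"): "AH before ESP"}.get(tuple(sec), "unexpected: " + ",".join(sec))

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample: fixed IPv6 header with zeroed addresses."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload

# Constructed packets (not captures): HBH -> AH -> ESP, and ESP alone.
HBH_HDR = bytes([AH, 0, 1, 4, 0, 0, 0, 0])     # PadN fills the 8 octets
AH_HDR = bytes([ESP, 4, 0, 0]) + bytes(20)     # 24 octets in total
PKT_AH_ESP = ipv6(HBH, HBH_HDR + AH_HDR + bytes(16))
PKT_ESP = ipv6(ESP, bytes(24))
```
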