>> Taking "the IPsec approach" would be creating a new extension header
>> and code point that is unique to IPv4-- I don't see how that's any
>> better than just using an existing EH defined for IPv6.
>
> I'm not sure I agree with that.
>
> When we added IPsec to IPv4, a system that didn't implement IPsec could not
> step past the IPsec header when parsing. It had no idea the length of the
> IPsec header. If we add an extension header to IPv6 (for example, when we
> added the security header to IPv6), we could continue to parse the IPv6
> header even if we didn't implement a given header beyond parsing. So they are
> not the same thing.

In the general case you cannot parse over an unknown extension header in IPv6 either.

AH and ESP have already been backported from IPv6 to IPv4. I see no principal difference in doing the same with the remaining two (or three) containers options either.

Cheers,
Ole

_______________________________________________
Int-area mailing list
https://www.ietf.org/mailman/listinfo/int-area
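
The parsing question discussed in this message, as an added example that is not part of the original thread: a walker for the IPv6 header chain that steps over the extension headers it implements and has to stop at a Next Header value it does not know. The function names and sample packets are constructed for illustration; the header numbers and length rules are assumed from RFC 8200 and RFC 4302.

```python
# Added illustration, not code from the thread. Numbers are IANA protocol numbers.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
SKIPPABLE = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}


def ext_len(nh, hdr):
    """Octet length of an extension header this parser implements."""
    if nh == FRAGMENT:
        return 8                      # fixed size, no length field
    if nh == AH:
        return (hdr[1] + 2) * 4       # AH counts 4-octet units, minus 2
    return (hdr[1] + 1) * 8           # 8-octet units, not counting the first


def walk_chain(first_nh, payload):
    """Walk the chain after the fixed 40-octet IPv6 header.

    Returns (skipped header numbers, stop reason, offset where parsing stopped).
    """
    skipped, nh, off = [], first_nh, 0
    while True:
        if nh in UPPER_LAYER:
            return skipped, UPPER_LAYER[nh], off
        if nh == ESP:
            return skipped, "ESP (opaque)", off
        if nh not in SKIPPABLE:
            # Could be a new extension header or a new transport protocol:
            # nothing in the packet says which, so no length can be trusted.
            return skipped, "unknown", off
        hdr = payload[off:]
        if len(hdr) < 2 or len(hdr) < ext_len(nh, hdr):
            return skipped, "truncated", off
        if nh == FRAGMENT and int.from_bytes(hdr[2:4], "big") >> 3:
            return skipped + [nh], "non-first fragment", off + 8
        skipped.append(nh)
        nh, off = hdr[0], off + ext_len(nh, hdr)


# Constructed samples: a Destination Options header holding one PadN option.
UDP_HDR = bytes([0x30, 0x39, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00])
KNOWN = bytes([17, 0, 1, 4, 0, 0, 0, 0]) + UDP_HDR
# 253 is the experimental value; it stands in for a header not implemented here.
UNKNOWN = bytes([253, 0, 1, 4, 0, 0, 0, 0]) + bytes([17, 0, 1, 4, 0, 0, 0, 0]) + UDP_HDR

if __name__ == "__main__":
    print(walk_chain(DEST_OPTS, KNOWN))
    print(walk_chain(DEST_OPTS, UNKNOWN))
```

In the second sample the unimplemented header happens to use the same next-header/length layout as the known ones, but the walker cannot rely on that, so it reports the offset where it stopped instead of guessing.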
