and v6 contexts.  Auditing requirements have been clarified in this
   version of the specification.  Tunnel mode AH was mentioned only in
   passing in RFC 1826, but now is a mandatory feature of AH.
   Discussion of interactions with key management and with security
   labels have been moved to the Security Architecture document.

Acknowledgements

   For over 3 years, this document has evolved through multiple versions
   and iterations.  During this time, many people have contributed
   significant ideas and energy to the process and the documents
   themselves.  The authors would like to thank Karen Seo for providing
   extensive help in the review, editing, background research, and
   coordination for this version of the specification.  The authors
   would also like to thank the members of the IPsec and IPng working
   groups, with special mention of the efforts of (in alphabetic order):
   Steve Bellovin, Steve Deering, Francis Dupont, Phil Karn, Frank
   Kastenholz, Perry Metzger, David Mihelcic, Hilarie Orman, Norman
   Shulman, William Simpson, and Nina Yuan.

































 
RFC 2402                IP Authentication Header           November 1998


Appendix A -- Mutability of IP Options/Extension Headers

A1.  IPv4 Options

   This table shows how the IPv4 options are classified with regard to
   "mutability".  Where two references are provided, the second one
   supercedes the first.  This table is based in part on information
   provided in RFC1700, "ASSIGNED NUMBERS", (October 1994).

           Opt.
Copy Class  #   Name                      Reference
---- ----- ---  ------------------------  ---------
IMMUTABLE -- included in ICV calculation
  0   0     0   End of Options List       [RFC791]
  0   0     1   No Operation              [RFC791]
  1   0     2   Security                  [RFC1108(historic but in use)]
  1   0     5   Extended Security         [RFC1108(historic but in use)]
  1   0     6   Commercial Security       [expired I-D, now US MIL STD]
  1   0    20   Router Alert              [RFC2113]
  1   0    21   Sender Directed Multi-    [RFC1770]
                Destination Delivery
MUTABLE -- zeroed
  1   0      3  Loose Source Route        [RFC791]
  0   2      4  Time Stamp                [RFC791]
  0   0      7  Record Route              [RFC791]
  1   0      9  Strict Source Route       [RFC791]
  0   2     18  Traceroute                [RFC1393]

EXPERIMENTAL, SUPERCEDED -- zeroed
  1   0      8  Stream ID                 [RFC791, RFC1122 (Host Req)]
  0   0     11  MTU Probe                 [RFC1063, RFC1191 (PMTU)]
  0   0     12  MTU Reply                 [RFC1063, RFC1191 (PMTU)]
  1   0     17  Extended Internet Proto   [RFC1385, RFC1883 (IPv6)]
  0   0     10  Experimental Measurement  [ZSu]
  1   2     13  Experimental Flow Control [Finn]
  1   0     14  Experimental Access Ctl   [Estrin]
  0   0     15  ???                       [VerSteeg]
  1   0     16  IMI Traffic Descriptor    [Lee]
  1   0     19  Address Extension         [Ullmann IPv7]

   NOTE: Use of the Router Alert option is potentially incompatible with
   use of IPsec.  Although the option is immutable, its use implies that