Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!LANL.GOV!cpw%sneezy
From: cpw%sneezy@LANL.GOV (C. Philip Wood)
Newsgroups: comp.protocols.tcp-ip
Subject: Re:  Does anyone use IP options?
Message-ID: <8908291506.AA00690@sneezy.lanl.gov>
Date: 29 Aug 89 15:06:30 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 21

Joe,

Los Alamos National Laboratory is requiring network source from
workstation vendors in order to incorporate the extended security
option in workstations which communicate with our Central Computing
Facility (CCF).  SunOS 4.x, VAX BSD4.3 and CRAY UNICOS kernels have
been modified so far.  The option must be copied on fragmentation and
is used in all packets which pass through the CCF router(s).
Consequently, we need a mechanism which allows us to set up this
feature during an initial authentication session for a user, as well as
incorporate the option in every IP packet no matter what the IP
based application (Telnet, NeWS, X-Windows, etc.).  Also, server(remote)
initiated applications (such as X or NeWS) require that the
option be incorporated for the duration of a session by the client(local)
applications peer.  Think full duplex.

None of the software we have looked at (maybe with the exception of
FTP, Inc.) allows for other options besides source routing.  Also,
it is more difficult to incorporate in UDP based applications, at least on 4.3BSD based systems.

Phil Wood,  cpw@lanl.gov