Tuomas Aura: CURRENT TEXT: Sections 6.2.5 and 6.2.6: "If the message
includes an IP Authentication Header, the message authenticates
correctly."

PROBLEM: It is not necessary or even helpful to verify 
the AH (if there is one). If there is an IPSec policy 
that requires an AH, then the check will have been 
made before the packet gets to the SEND layer. On the 
other hand, if AH is not required and packets without 
AH are accepted, then there is no point in verifying 
the AH (if there is one).

PROPOSAL: Delete all text about AH verification.

---------------

Jari Arkko: Agreed.

---------------

---------------

---------------

---------------

---------------