> Put a nonce source ip in the packet header and the real source as 4-16 bytes of PFS protected payload. And only keep using the nonce per transport connection? That is, each new connection, TCP, UDP session, or QUIC would bet a new nonce source IP? Dino
