On Sun, Dec 11, 2016 at 03:50:31PM +0100, Jason A. Donenfeld wrote: > 3. Add 3 bytes of padding, set to zero, to the encrypted section just > before the IP header, marked for future use. > Pros: satisfies IETF mantras, can use those extra bits in the future > for interesting protocol extensions for authenticated peers. > Cons: lowers MTU, marginally more difficult to implement but still > probably just one or two lines of code. > > Of these, I'm leaning toward (3). Or 4) add one byte to the cleartext header for future use (mostly flags maybe) and 2 bytes of padding to the encrypted header. This way you get the following benefits : 1) your encrypted text is at least 16-bit aligned, maybe it matters in your checksum computations on during decryption 2) your MTU remains even, this is better for both ends 3) you're free to add some bits either to the encrypted or the clear parts. Just a suggestion :-) Willy