This document specifies the application of security staining on an
IPv6 datagrams and the minimum requirements for IPv6 nodes staining
flows, IPv6 nodes forwarding stained packets within a given domain of
control, and nodes interpreting stains on flows.
The usage of the packet staining destination option enables proactive
delivery of security intelligence to IPv6 nodes such as firewalls and
intrusion prevention systems, and end-points such servers,
workstations, mobile and smart devices and an infinite array of as-
yet-to-be-invented sensors and controllers.
The usage of packet staining is not intended for use across the open
internet, where fragmentation issues associated with increased header
size may induce service degradation; packet staining is intended as a
security adjunct within a given doamin of control such as an carrier
or enterprise network.