Modified ESP Header Tricky -- watch out for encryption blocksize Want ciphertext and plaintext to be on 8-byte boundaries.(Maybe even 16-byte boundary for AES.) Fundamental assumption: interesting stuff to leak is all near the beginning of the headers; sensitive stuff is at the end. Example: better not expose the TCP checksum.