Assumptions
It is reasonable for some authorized parties to look at some packet header fields.
- It is relatively harmless if unauthorized parties see the same fields.
These authorized parties should not participate in the key management dialog, nor should they be given keying material.
Packet examination should be context-free.
Packet modification is not necessary (or desirable).