There are many security issues in the communication layers of host software, but a full discussion is beyond the scope of this RFC.
The Internet architecture generally provides little protection against spoofing of IP source addresses, so any security mechanism that is based upon verifying the IP source address of a datagram should be treated with suspicion. However, in restricted environments some source-address checking may be possible. For example, there might be a secure LAN whose gateway to the rest of the Internet discarded any incoming datagram with a source address that spoofed the LAN address. In this case, a host on the LAN could use the source address to test for local vs. remote source. This problem is complicated by source routing, and some have suggested that source-routed datagram forwarding by hosts (see Section 3.3.5) should be outlawed for security reasons.
Security-related issues are mentioned in sections concerning the IP Security option (Section 126.96.36.199), the ICMP Parameter Problem message (Section 188.8.131.52), IP options in UDP datagrams (Section 184.108.40.206), and reserved TCP ports (Section 220.127.116.11).