Very evolving.

An IP packet, which is the only thing we are currently considering signing, looks like this:

IP Header
    Contains src, destination, protocol number of data within, total length of packet, checksum of header
Payload
    Can be UDP, ICMP, TCP or whatever. Unspecified, and we don't care, we just sign.

After signing, the packet looks like this:

IP Header
    Protocol number has been set to the SPS assigned number
SPS Header
    Contains the original protocol number
    Algorithm used to sign/encrypt
    Hash of key pair used to encrypt/sign (when using public/private)
    Signature (in case of signing only)
Payload
    Unmodified payload

A signature is variable length, but at least 128 bits.

    #include <endian.h>      /* __BYTE_ORDER, __LITTLE_ENDIAN, __BIG_ENDIAN */
    #include <sys/types.h>   /* u_int8_t, u_int16_t */

    struct sps_header
    {
    #if __BYTE_ORDER == __LITTLE_ENDIAN
        unsigned int shl:4;       /* SPS header length, in units of 4 octets */
        unsigned int version:4;
    #elif __BYTE_ORDER == __BIG_ENDIAN
        unsigned int version:4;
        unsigned int shl:4;       /* SPS header length, in units of 4 octets */
    #else
    # error "Please fix "
    #endif
        u_int8_t orig_proto;      /* original protocol number from the IP header */
        u_int8_t algorithm;       /* see "Current algorithms" */
        u_int8_t sig_bytes;       /* length of the signature in bytes */
        u_int16_t pkey_hash;      /* hash of key pair used to encrypt/sign */
        /* signature here */
    };

SPS header length can be derived from the 'shl' field which, times 4, is the total length of the SPS header. The maximum length is thus 60 octets, which means that 54 bytes = 432 bits are available for signing.

Current algorithms:

    0   Stupid Password - signature is just a password
    1   MD5
    2   SHA-1
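A bounds-checked parser for the SPS header described above, as an added example that is not part of the original page or of the SPS code. It assumes that version sits in the high nibble of the first octet and shl in the low nibble (as the bit-field order implies), that pkey_hash is in network byte order, and that the 128-bit minimum applies to every listed algorithm; `struct sps_info`, `sps_parse` and both sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define SPS_FIXED_LEN 6u  /* shl/version, orig_proto, algorithm, sig_bytes, pkey_hash */
#define SPS_MIN_SIG  16u  /* the page states a signature is at least 128 bits */
#define SPS_ALG_MAX   2u  /* the page lists 0 (password), 1 (MD5), 2 (SHA-1) */

struct sps_info {                 /* hypothetical parsed view of one header */
    uint8_t version, orig_proto, algorithm, sig_bytes;
    uint16_t pkey_hash;
    const uint8_t *sig, *payload; /* both point into the caller's buffer */
    size_t payload_len;
};

/* buf/len: the bytes after the IP header. Returns 0, or <0 naming the failed check. */
int sps_parse(const uint8_t *buf, size_t len, struct sps_info *out)
{
    if (len < SPS_FIXED_LEN)
        return -1;                                 /* fixed fields truncated */
    size_t hdr_len = (size_t)(buf[0] & 0x0f) * 4;  /* shl counts 4-octet units */
    if (hdr_len < SPS_FIXED_LEN || hdr_len > len)
        return -2;                                 /* header too small or past end of data */
    if (buf[2] > SPS_ALG_MAX)
        return -3;                                 /* algorithm not in the listed set */
    if (buf[3] < SPS_MIN_SIG || buf[3] > hdr_len - SPS_FIXED_LEN)
        return -4;                                 /* signature too short or overruns header */
    out->version = buf[0] >> 4;
    out->orig_proto = buf[1];
    out->algorithm = buf[2];
    out->sig_bytes = buf[3];
    out->pkey_hash = (uint16_t)((buf[4] << 8) | buf[5]);  /* assumed network order */
    out->sig = buf + SPS_FIXED_LEN;
    out->payload = buf + hdr_len;
    out->payload_len = len - hdr_len;
    return 0;
}

/* Constructed sample: version 1, shl 6 (24 octets), UDP, MD5, 16-byte signature. */
static const uint8_t sps_sample_ok[28] = {
    0x16, 17, 1, 16, 0xbe, 0xef,
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,  /* signature bytes */
    0, 0,                                                   /* pad to a multiple of 4 */
    'd', 'a', 't', 'a' };
/* Constructed malformed sample: shl 2 (8 octets) cannot hold the claimed 16 bytes. */
static const uint8_t sps_sample_bad[28] = { 0x12, 17, 1, 16, 0xbe, 0xef };
int main(void) {
    struct sps_info h;
    return sps_parse(sps_sample_ok, sizeof sps_sample_ok, &h) == 0 &&
           sps_parse(sps_sample_bad, sizeof sps_sample_bad, &h) == -4 ? 0 : 1;
}
```

Because the smallest signature is 16 bytes, any header with shl below 6 is rejected before the signature pointer is ever handed to a verifier.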