It is possible to base the integrity information on message digests and public key digital signatures. Only the sender can then make the signature and everybody can check the signature. This method will be slow because of the amount of processing necessary to do asymmetric key encryption. Message digests is also impractical because of the processing necessary to calculate them.
A better solution is to calculate a CRC of the data block and encrypt the CRC with a symmetric cipher in a standard mode of operation. The key used in the cipher must be known only to the two communicating parties. This document proposes the use of the session keys exchanged with the authentication option. The required chaining of data blocks can be accomplished by not resetting the state of the CRC register before calculating the CRC for the next data block.
The proposed specification of the INTEGRITY option does not require the use of one specific method for the integrity information generation. The parties must negotiate about which integrity information type to use (Integrity design goal number 6). The following is an example of an specific method for generation of integrity information.