Authentication Data (AD): The length of this field is variable, but is always an integral number of 32-bit words. Some implementations require padding to other alignments, such as 64-bits, in order to improve performance. All implementations must support such padding, which is specified by the Destination on a per-SPI basis. The value of the padding field is arbitrarily selected by the sender and is included in the AD calculation.

An implementation will normally use the combination of Destination Address and SPI to locate the Security Association that specifies the field's size and use. The field retains the same format for all datagrams of any given SPI and destination address pair. The AD fills the field beginning immediately after the SPI field. If the field is longer than necessary to store the actual AD, then the unused bit positions are filled with unspecified, implementation-dependent values.