Note also the context for the comment (Sam again):
GIST raises significant architectural concerns about the end-to-end service
model of the Internet. In particular there are multiple cases having to do with
q-mode encapsulation where GIST nodes consume, generate and modify packets that
are neither sourced nor destined for them. The advice in section 7.2 goes
against the requirements of section 7 of draft-ietf-behave-nat-udp (an approved
BCP). Even so, I think it is necessary for GIST to do these things but I think
we need to be very careful about the interactions with other things deployed on
the Internet. We also want to discourage general applications of this form and
I think it critical that we establish architectural requirements so that future
proposals work with GIST. I don't think it necessary to block GIST on that
architectural work. RFC 4080 discusses some but not all of these issues; as
best I can tell it does not discuss AH, interactions with other IP options and
hop-by-hop/destination options, etc. Also, RFC 4080 is not an IETF consensus
document; it was a working group document that was never submitted for IETF last
call. This is not just an NSIS issue; it is an IP service model issue.