IETF Logo Mail Archive

I-D Action:draft-ietf-ipsecme-traffic-visibility-12.txt

Internet-Drafts@ietf.org Wed, 20 January 2010 16:15 UTC

Return-Path: <root@core3.amsl.com>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id 0E5B03A6962; Wed, 20 Jan 2010 08:15:01 -0800 (PST)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action:draft-ietf-ipsecme-traffic-visibility-12.txt
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20100120161502.0E5B03A6962@core3.amsl.com>
Date: Wed, 20 Jan 2010 08:15:01 -0800
Cc: ipsec@ietf.org
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i-d-announce>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jan 2010 16:15:02 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF.


	Title           : Wrapped ESP for Traffic Visibility
	Author(s)       : K. Grewal, et al.
	Filename        : draft-ietf-ipsecme-traffic-visibility-12.txt
	Pages           : 15
	Date            : 2010-01-20

This document describes the Wrapped Encapsulating Security 
Payload (WESP) protocol, which builds on the Encapsulating 
Security Payload (ESP) [RFC4303], and is designed to allow 
intermediate devices to (1) ascertain if data confidentiality is 
being employed within ESP and if not, (2) inspect the IPsec 
packets for network monitoring and access control functions.  
Currently in the IPsec ESP standard, there is no deterministic 
way to differentiate between encrypted and unencrypted payloads 
by simply examining a packet. This poses certain challenges to 
the intermediate devices that need to deep inspect the packet 
before making a decision on what should be done with that packet 
(Inspect and/or Allow/Drop). The mechanism described in this 
document can be used to easily disambiguate integrity-only ESP 
from ESP-encrypted packets, without compromising on the security 
provided by ESP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-12.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-12.txt"><ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-12.txt>

v2.23.0 | Report a Bug | By Email