Protocol Action: 'Wrapped ESP for Traffic Visibility' to Proposed Standard

The IESG <> Tue, 26 January 2010 20:29 UTC

Return-Path: <>
Received: by (Postfix, from userid 30) id 527BE3A68DA; Tue, 26 Jan 2010 12:29:22 -0800 (PST)
X-idtracker: yes
From: The IESG <>
To: IETF-Announce <>
Subject: Protocol Action: 'Wrapped ESP for Traffic Visibility' to Proposed Standard
Message-Id: <>
Date: Tue, 26 Jan 2010 12:29:22 -0800
Cc: ipsecme mailing list <>, ipsecme chair <>, Internet Architecture Board <>, RFC Editor <>
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IETF announcement list. No discussions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 26 Jan 2010 20:29:22 -0000

The IESG has approved the following document:

- 'Wrapped ESP for Traffic Visibility '
   <draft-ietf-ipsecme-traffic-visibility-12.txt> as a Proposed Standard

This document is the product of the IP Security Maintenance and Extensions Working Group. 

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is:

Technical Summary

   This document describes the Wrapped Encapsulating Security Payload
   (WESP) protocol, which is based on the Encapsulating Security
   Payload (ESP) protocol and is designed to allow intermediate
   devices to ascertain if ESP with null encryption is being employed
   and if so, inspect the IPsec packets for network monitoring and
   access control functions. The mechanism described in this document
   can be used to easily disambiguate ESP-NULL from encrypted ESP
   packets, without compromising on the security provided by ESP.

Working Group Summary

   Early on there was prolonged WG discussion about the relative
   merits of the Wrapped ESP solution for identifying ESP-null
   traffic, compared to heuristic methods for traffic
   inspection. Eventually the WG reached consensus on the usefulness
   of having both solutions published, with the heuristics solution
   targeted for the interim period until WESP is widely deployed. This
   consensus is documented in both protocol documents.

   IESG review also lead to clarifying the protocol's extensibility
   model: if there is consensus in the future to extend the protocol,
   those extensions need a new WESP version number, and have to be
   negotiated by the endpoints. This simplified the protocol by, 
   for example, keeping the ICV coverage unchanged from ESP.

Document Quality

   Currently, there are no known implementations. However, a number of
   vendors have expressed interest and supported this activity.


   The document shepherd is Yaron Sheffer, and the responsible
   area director is Pasi Eronen.