[IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-07.txt

Internet-Drafts@ietf.org Mon, 10 August 2009 23:45 UTC

Return-Path: <root@core3.amsl.com>
X-Original-To: ipsec@ietf.org
Delivered-To: ipsec@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id D0BF03A6E8C; Mon, 10 Aug 2009 16:45:01 -0700 (PDT)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20090810234501.D0BF03A6E8C@core3.amsl.com>
Date: Mon, 10 Aug 2009 16:45:01 -0700
Cc: ipsec@ietf.org
Subject: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-07.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2009 23:45:01 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF.


	Title           : Wrapped ESP for Traffic Visibility
	Author(s)       : K. Grewal, et al.
	Filename        : draft-ietf-ipsecme-traffic-visibility-07.txt
	Pages           : 14
	Date            : 2009-08-10

This document describes the Wrapped Encapsulating Security 
Payload (WESP) protocol, which builds on top of Encapsulating 
Security Payload (ESP) [RFC4303] and is designed to allow 
intermediate devices to ascertain if ESP-NULL [RFC2410] is being 
employed and hence inspect the IPsec packets for network 
monitoring and access control functions.  Currently in the IPsec 
standard, there is no way to differentiate between ESP 
encryption and ESP NULL encryption by simply examining a packet. 
This poses certain challenges to the intermediate devices that 
need to deep inspect the packet before making a decision on what 
should be done with that packet (Inspect and/or Allow/Drop). The 
mechanism described in this document can be used to easily 
disambiguate ESP-NULL from ESP encrypted packets, without 
compromising on the security provided by ESP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-07.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-07.txt"><ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-07.txt>