Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-05.txt

Yaron Sheffer <yaronf@checkpoint.com> Wed, 24 June 2009 21:09 UTC

Return-Path: <yaronf@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 225B63A6C2D for <ipsec@core3.amsl.com>; Wed, 24 Jun 2009 14:09:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YrdlgfCeeE-y for <ipsec@core3.amsl.com>; Wed, 24 Jun 2009 14:09:43 -0700 (PDT)
Received: from dlpdemo.checkpoint.com (dlpdemo.checkpoint.com [194.29.32.54]) by core3.amsl.com (Postfix) with ESMTP id AECE63A6D61 for <ipsec@ietf.org>; Wed, 24 Jun 2009 14:09:32 -0700 (PDT)
Received: by dlpdemo.checkpoint.com (Postfix, from userid 105) id 9E45A29C002; Wed, 24 Jun 2009 23:43:45 +0300 (IDT)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by dlpdemo.checkpoint.com (Postfix) with ESMTP id 4EEFC200384 for <ipsec@ietf.org>; Wed, 24 Jun 2009 23:43:45 +0300 (IDT)
X-CheckPoint: {4A428D55-0-14201DC2-1FFFF}
Received: from il-ex01.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id n5OKhZ3d028179 for <ipsec@ietf.org>; Wed, 24 Jun 2009 23:43:35 +0300 (IDT)
Received: from il-ex01.ad.checkpoint.com ([194.29.32.26]) by il-ex01.ad.checkpoint.com ([194.29.32.26]) with mapi; Wed, 24 Jun 2009 23:43:35 +0300
From: Yaron Sheffer <yaronf@checkpoint.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Wed, 24 Jun 2009 23:43:33 +0300
Thread-Topic: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-05.txt
Thread-Index: Acn04ssJ4/HfMpuWTjy4WlVl1uiQ+QAJsgoQ
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC8E8ABC0DFA9@il-ex01.ad.checkpoint.com>
References: <20090624154501.888063A6CBE@core3.amsl.com>
In-Reply-To: <20090624154501.888063A6CBE@core3.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_0019_01C9F525.95D3F1A0"
MIME-Version: 1.0
Subject: Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-05.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2009 21:09:44 -0000

Hi,

we've done a lot of work on this document as a group, and it may well be
ready to go through WG Last Call. However it did go through 4 revisions
since San Francisco. So before we proceed, I'd like to ask if anybody is
seeing showstopper issues with the draft in its current form. In which case
we'll need to work on this draft some more before sending it to LC. If there
are small issues though, we can defer them to the last call process.

Please respond to the list, or to Paul and myself.

Thanks,
	Yaron

> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of
> Internet-Drafts@ietf.org
> Sent: Wednesday, June 24, 2009 18:45
> To: i-d-announce@ietf.org
> Cc: ipsec@ietf.org
> Subject: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-05.txt
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the IP Security Maintenance and Extensions
> Working Group of the IETF.
> 
> 
> 	Title           : Wrapped ESP for Traffic Visibility
> 	Author(s)       : K. Grewal, et al.
> 	Filename        : draft-ietf-ipsecme-traffic-visibility-05.txt
> 	Pages           : 13
> 	Date            : 2009-06-24
> 
> This document describes the Wrapped Encapsulating Security
> Payload (WESP) protocol, which builds on top of Encapsulating
> Security Payload (ESP) [RFC4303] and is designed to allow
> intermediate devices to ascertain if ESP-NULL [RFC2410] is being
> employed and hence inspect the IPsec packets for network
> monitoring and access control functions.  Currently in the IPsec
> standard, there is no way to differentiate between ESP
> encryption and ESP NULL encryption by simply examining a packet.
> This poses certain challenges to the intermediate devices that
> need to deep inspect the packet before making a decision on what
> should be done with that packet (Inspect and/or Allow/Drop). The
> mechanism described in this document can be used to easily
> disambiguate ESP-NULL from ESP encrypted packets, without
> compromising on the security provided by ESP.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-
> 05.txt
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.