Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-04.txt

"Grewal, Ken" <ken.grewal@intel.com> Fri, 05 June 2009 21:01 UTC

All, 
An updated draft for traffic visibility has been posted. The only change since rev-03 is text related to the flags handling, as suggested by Yaron Sheffer.

Look forward to your feedback.

Thanks, 
- Ken
 

>-----Original Message-----
>From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of
>Internet-Drafts@ietf.org
>Sent: Friday, June 05, 2009 8:30 AM
>To: i-d-announce@ietf.org
>Cc: ipsec@ietf.org
>Subject: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-04.txt
>
>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
>This draft is a work item of the IP Security Maintenance and Extensions
>Working Group of the IETF.
>
>
>	Title           : Wrapped ESP for Traffic Visibility
>	Author(s)       : K. Grewal, et al.
>	Filename        : draft-ietf-ipsecme-traffic-visibility-04.txt
>	Pages           : 13
>	Date            : 2009-06-05
>
>This document describes the Wrapped Encapsulating Security
>Payload (WESP) protocol, which builds on top of Encapsulating
>Security Payload (ESP) [RFC4303] and is designed to allow
>intermediate devices to ascertain if ESP-NULL [RFC2410] is being
>employed and hence inspect the IPsec packets for network
>monitoring and access control functions.  Currently in the IPsec
>standard, there is no way to differentiate between ESP
>encryption and ESP NULL encryption by simply examining a packet.
>This poses certain challenges to the intermediate devices that
>need to deep inspect the packet before making a decision on what
>should be done with that packet (Inspect and/or Allow/Drop). The
>mechanism described in this document can be used to easily
>disambiguate ESP-NULL from ESP encrypted packets, without
>compromising on the security provided by ESP.
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-04.txt
>
>Internet-Drafts are also available by anonymous FTP at:
>ftp://ftp.ietf.org/internet-drafts/
>
>Below is the data which will enable a MIME compliant mail reader
>implementation to automatically retrieve the ASCII version of the
>Internet-Draft.