Re: [IPsec] I-D ACTION:draft-ietf-ipsecme-traffic-visibility-03.txt

"Grewal, Ken" <ken.grewal@intel.com> Tue, 02 June 2009 20:58 UTC

Return-Path: <ken.grewal@intel.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E35383A67AF for <ipsec@core3.amsl.com>; Tue, 2 Jun 2009 13:58:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NNsiWNvYcV62 for <ipsec@core3.amsl.com>; Tue, 2 Jun 2009 13:58:26 -0700 (PDT)
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by core3.amsl.com (Postfix) with ESMTP id 27EB53A676A for <ipsec@ietf.org>; Tue, 2 Jun 2009 13:58:26 -0700 (PDT)
Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga101.fm.intel.com with ESMTP; 02 Jun 2009 13:45:53 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="4.41,293,1241420400"; d="scan'208";a="695866499"
Received: from rrsmsx602.amr.corp.intel.com ([10.31.0.33]) by fmsmga001.fm.intel.com with ESMTP; 02 Jun 2009 14:01:51 -0700
Received: from rrsmsx505.amr.corp.intel.com ([10.31.0.36]) by rrsmsx602.amr.corp.intel.com ([10.31.0.33]) with mapi; Tue, 2 Jun 2009 14:58:23 -0600
From: "Grewal, Ken" <ken.grewal@intel.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Tue, 02 Jun 2009 14:58:00 -0600
Thread-Topic: [IPsec] I-D ACTION:draft-ietf-ipsecme-traffic-visibility-03.txt
Thread-Index: Acni5yzZJU/Jbsi6QBWjBvM/fjNaQgA3V1fg
Message-ID: <C49B4B6450D9AA48AB99694D2EB0A4831F7F3284@rrsmsx505.amr.corp.intel.com>
References: <20090601183001.6B48E3A71B2@core3.amsl.com>
In-Reply-To: <20090601183001.6B48E3A71B2@core3.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [IPsec] I-D ACTION:draft-ietf-ipsecme-traffic-visibility-03.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2009 20:58:27 -0000

All, 
The updated draft for traffic visibility is now available, incorporating various suggested changes. 

All previously open tickets for this work item have now been closed, indicating the resolution and changes made.  

Please review and provide any additional feedback.

Thanks, 
- Ken
 

>-----Original Message-----
>From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of
>Internet-Drafts@ietf.org
>Sent: Monday, June 01, 2009 11:30 AM
>To: i-d-announce@ietf.org
>Cc: ipsec@ietf.org
>Subject: [IPsec] I-D ACTION:draft-ietf-ipsecme-traffic-visibility-03.txt
>
>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
>This draft is a work item of the IP Security Maintenance and Extensions
>Working Group of the IETF.
>
>	Title		: Wrapped ESP for Traffic Visibility
>	Author(s)	: M. Bhatia, K. Grewal, G. Montenegro
>	Filename	: draft-ietf-ipsecme-traffic-visibility-03.txt
>	Pages		: 14
>	Date		: 2009-6-1
>
>This document describes the Wrapped Encapsulating Security
>   Payload (WESP) protocol, which builds on top of Encapsulating
>   Security Payload (ESP) [RFC4303] and is designed to allow
>   intermediate devices to ascertain if ESP-NULL [RFC2410] is being
>   employed and hence inspect the IPsec packets for network
>   monitoring and access control functions.  Currently in the IPsec
>   standard, there is no way to differentiate between ESP
>   encryption and ESP NULL encryption by simply examining a packet.
>   This poses certain challenges to the intermediate devices that
>   need to deep inspect the packet before making a decision on what
>   should be done with that packet (Inspect and/or Allow/Drop). The
>   mechanism described in this document can be used to easily
>   disambiguate ESP-NULL from ESP encrypted packets, without
>   compromising on the security provided by ESP.
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-
>03.txt
>
>Internet-Drafts are also available by anonymous FTP at:
>ftp://ftp.ietf.org/internet-drafts/
>
>Below is the data which will enable a MIME compliant mail reader
>implementation to automatically retrieve the ASCII version of the
>Internet-Draft.