[IPsec] I-D ACTION:draft-ietf-ipsecme-traffic-visibility-03.txt

Internet-Drafts@ietf.org Mon, 01 June 2009 18:30 UTC

Return-Path: <root@core3.amsl.com>
X-Original-To: ipsec@ietf.org
Delivered-To: ipsec@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id 6B48E3A71B2; Mon, 1 Jun 2009 11:30:01 -0700 (PDT)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20090601183001.6B48E3A71B2@core3.amsl.com>
Date: Mon, 01 Jun 2009 11:30:01 -0700
Cc: ipsec@ietf.org
Subject: [IPsec] I-D ACTION:draft-ietf-ipsecme-traffic-visibility-03.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2009 18:30:01 -0000

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF.

	Title		: Wrapped ESP for Traffic Visibility
	Author(s)	: M. Bhatia, K. Grewal, G. Montenegro
	Filename	: draft-ietf-ipsecme-traffic-visibility-03.txt
	Pages		: 14
	Date		: 2009-6-1
	
This document describes the Wrapped Encapsulating Security 
   Payload (WESP) protocol, which builds on top of Encapsulating 
   Security Payload (ESP) [RFC4303] and is designed to allow 
   intermediate devices to ascertain if ESP-NULL [RFC2410] is being 
   employed and hence inspect the IPsec packets for network 
   monitoring and access control functions.  Currently in the IPsec 
   standard, there is no way to differentiate between ESP 
   encryption and ESP NULL encryption by simply examining a packet. 
   This poses certain challenges to the intermediate devices that 
   need to deep inspect the packet before making a decision on what 
   should be done with that packet (Inspect and/or Allow/Drop). The 
   mechanism described in this document can be used to easily 
   disambiguate ESP-NULL from ESP encrypted packets, without 
   compromising on the security provided by ESP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-03.txt"><ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-03.txt>