[IPsec] RFC 5840 on Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
rfc-editor@rfc-editor.org Tue, 20 April 2010 23:58 UTC
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20100420235758.7CD79E07EB@rfc-editor.org>
Date: Tue, 20 Apr 2010 16:57:58 -0700
Cc: ipsec@ietf.org, rfc-editor@rfc-editor.org

A new Request for Comments is now available in online RFC libraries.

        RFC 5840

        Title:      Wrapped Encapsulating Security Payload (ESP)
                    for Traffic Visibility
        Author:     K. Grewal, G. Montenegro, M. Bhatia
        Status:     Standards Track
        Stream:     IETF
        Date:       April 2010
        Mailbox:    ken.grewal@intel.com,
                    gabriel.montenegro@microsoft.com,
                    manav.bhatia@alcatel-lucent.com
        Pages:      15
        Characters: 34733
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-ipsecme-traffic-visibility-12.txt

        URL:        http://www.rfc-editor.org/rfc/rfc5840.txt

This document describes the Wrapped Encapsulating Security Payload (WESP) protocol, which builds on the Encapsulating Security Payload (ESP) RFC 4303 and is designed to allow intermediate devices to (1) ascertain if data confidentiality is being employed within ESP, and if not, (2) inspect the IPsec packets for network monitoring and access control functions. Currently, in the IPsec ESP standard, there is no deterministic way to differentiate between encrypted and unencrypted payloads by simply examining a packet. This poses certain challenges to the intermediate devices that need to deep inspect the packet before making a decision on what should be done with that packet (Inspect and/or Allow/Drop). The mechanism described in this document can be used to easily disambiguate integrity-only ESP from ESP-encrypted packets, without compromising on the security provided by ESP. [STANDARDS TRACK]

This document is a product of the IP Security Maintenance and Extensions Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Internet Official Protocol Standards (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.

The RFC Editor Team
Association Management Solutions, LLC