This Internet-Draft is no longer active. Unofficial copies of old Internet-Drafts can be found here:
http://tools.ietf.org/id/draft-ietf-ipsecme-traffic-visibility.
Abstract:
This document describes the Wrapped Encapsulating Security Payload (WESP)
protocol, which builds on the Encapsulating Security Payload (ESP) RFC 4303 and is designed to
allow intermediate devices to (1) ascertain if data confidentiality is being employed within ESP, and
if not, (2) inspect the IPsec packets for network monitoring and access control functions. Currently,
in the IPsec ESP standard, there is no deterministic way to differentiate between encrypted and
unencrypted payloads by simply examining a packet. This poses certain challenges to the intermediate devices
that need to deep inspect the packet before making a decision on what should be
done with that packet (Inspect and/or Allow/Drop). The mechanism described in this
document can be used to easily disambiguate integrity-only ESP from ESP-encrypted
packets, without compromising on the security provided by ESP. [STANDARDS-TRACK]
Authors:
Manav Bhatia <manav.bhatia@alcatel-lucent.com>
Ken Grewal <ken.grewal@intel.com>
Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)
datatracker.ietf.org