@techreport{bhatia-ipsecme-esp-null-00, number = {draft-bhatia-ipsecme-esp-null-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-bhatia-ipsecme-esp-null/00/}, author = {Manav Bhatia}, title = {Identifying {ESP-NULL} Packets}, pagetotal = 6, year = 2008, month = dec, day = 1, abstract = {Encapsulating Security Payload (ESP) {[}RFC4303{]} provides data integrity protection, confidentiality and data origin authentication for data transported in an IP packet. Various applications and protocols do not require confidentiality but only need data integrity assurance or data origin authentication. Since ESP support is mandatory for IPsec, such applications end up using ESP with NULL encryption. However, because of the way ESP is defined, it is impossible for firewalls and intermediate routers to differentiate between encrypted ESP and ESP-NULL packets by inspecting the packets alone. This poses problems for firewalls, since such packets cannot be identified and filtered. It poses a different set of problems for routers, since such packets cannot be properly filtered, classified and prioritized. This document proposes an extension to ESP so that firewalls and routers can distinguish ESP encrypted packets from ESP-NULL encrypted packets.}, }