Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP)

The information below is for an old version of the document
Document Type Expired Internet-Draft (hip WG)
Authors Petri Jokela, Robert Moskowitz, Pekka Nikander, Jan Melen
Last updated 2010-09-23
Stream Internet Engineering Task Force (IETF)
Expired & archived
Stream WG state WG Document
Document shepherd None
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo specifies an Encapsulated Security Payload (ESP) based mechanism for transmission of user data packets, to be used with the Host Identity Protocol (HIP).

IESG Note

The following issues describe IESG concerns about this document. The IESG expects that these issues will be addressed when future versions of HIP are designed.

In case of complex Security Policy Databases (SPDs) and the co-existence of HIP and security-related protocols such as IKE, implementors may encounter conditions that are unspecified in these documents. For example, when the SPD defines an IP address subnet to be protected and a HIP host is residing in that IP address area, there is a possibility that the communication is encrypted multiple times. Readers are advised to pay special attention when running HIP with complex SPD settings. Future specifications should clearly define when multiple encryption is intended, and when it should be avoided.

