Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Internet Architecture Board <firstname.lastname@example.org>,
    RFC Editor <email@example.com>,
    ipsecme mailing list <firstname.lastname@example.org>,
    ipsecme chair <email@example.com>
Subject: Protocol Action: 'Wrapped ESP for Traffic Visibility' to Proposed Standard

The IESG has approved the following document:

- 'Wrapped ESP for Traffic Visibility'
  <draft-ietf-ipsecme-traffic-visibility-12.txt> as a Proposed Standard

This document is the product of the IP Security Maintenance and Extensions Working Group.

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-12.txt
Technical Summary

This document describes the Wrapped Encapsulating Security Payload (WESP) protocol, which is based on the Encapsulating Security Payload (ESP) protocol and is designed to allow intermediate devices to ascertain whether ESP with null encryption is being employed and, if so, to inspect the IPsec packets for network monitoring and access control functions. The mechanism described in this document can be used to easily disambiguate ESP-NULL from encrypted ESP packets, without compromising the security provided by ESP.

Working Group Summary

Early on there was prolonged WG discussion about the relative merits of the Wrapped ESP solution for identifying ESP-NULL traffic, compared to heuristic methods for traffic inspection. Eventually the WG reached consensus on the usefulness of having both solutions published, with the heuristics solution targeted at the interim period until WESP is widely deployed. This consensus is documented in both protocol documents.

IESG review also led to clarifying the protocol's extensibility model: if there is consensus in the future to extend the protocol, those extensions need a new WESP version number and have to be negotiated by the endpoints. This simplified the protocol by, for example, keeping the ICV coverage unchanged from ESP.

Document Quality

Currently, there are no known implementations. However, a number of vendors have expressed interest and supported this activity.

Personnel

The document shepherd is Yaron Sheffer, and the responsible area director is Pasi Eronen.
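The Technical Summary above says what WESP is for but not what an intermediate device actually does with it. The following is an added example, not text or code from the draft or the IPsecME working group: it parses the 4-octet WESP header that precedes the normal ESP header, uses the E (encrypted) flag to tell ESP-NULL from encrypted ESP, and for ESP-NULL uses HdrLen/TrailerLen to locate the inspectable inner payload. The header layout and field semantics (Next Header, HdrLen, TrailerLen, Flags = Version:2 | E:1 | P:1 | Rsvd:4; zero HdrLen/TrailerLen when E is set) are taken from the published RFC 5840, not from this announcement, and the consistency checks are this example's reading of that spec. The sample packet is constructed inline, with a zero-filled placeholder where the endpoints' ICV would be. The security point it encodes: a middlebox cannot verify the ICV, so every WESP field it reads is untrusted input and must be bounds-checked before it is used to slice the packet.

```python
import struct

WESP_HDR_LEN = 4   # Next Header | HdrLen | TrailerLen | Flags
ESP_HDR_LEN = 8    # SPI (4) + Sequence Number (4)

FLAG_E = 0x20      # E bit: ESP payload is encrypted (Flags = Ver:2 | E | P | Rsvd:4)
FLAG_P = 0x10      # P bit: padding header present


def build_wesp(payload: bytes, next_hdr: int, spi: int, seq: int,
               encrypted: bool = False, icv_len: int = 12) -> bytes:
    """Construct a WESP packet (transport/tunnel payload already built by caller).

    The ICV is a zero-filled placeholder: only the IPsec endpoints, which hold
    the SA key, can compute or check it. This is example code (see lead-in).
    """
    esp_hdr = struct.pack("!II", spi, seq)
    icv = b"\x00" * icv_len
    if encrypted:
        # Encrypted ESP: HdrLen and TrailerLen are zero, Next Header carries
        # nothing a middlebox may act on; payload stands in for ciphertext.
        wesp = struct.pack("!BBBB", 0, 0, 0, FLAG_E)
        return wesp + esp_hdr + payload + icv
    # ESP-NULL: the ESP trailer is Padding | Pad Length | Next Header, then ICV.
    pad_len = (-(len(payload) + 2)) % 4           # keep trailer 4-octet aligned
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    hdr_len = WESP_HDR_LEN + ESP_HDR_LEN           # no IV for plain ESP-NULL
    trailer_len = len(trailer) + icv_len
    wesp = struct.pack("!BBBB", next_hdr, hdr_len, trailer_len, 0)
    return wesp + esp_hdr + payload + trailer + icv


def parse_wesp(pkt: bytes) -> dict:
    """Middlebox-side classification of a WESP packet.

    Returns a dict with the parsed fields and, for ESP-NULL, the inner
    payload bytes; raises ValueError on anything inconsistent. Nothing here
    trusts the sender: offsets are checked against the real packet length.
    """
    if len(pkt) < WESP_HDR_LEN + ESP_HDR_LEN:
        raise ValueError("packet too short for WESP + ESP headers")
    next_hdr, hdr_len, trailer_len, flags = struct.unpack("!BBBB", pkt[:4])
    version = flags >> 6
    if version != 0:
        # Unknown version: extensions need a new version negotiated by the
        # endpoints; a middlebox must not guess at the layout.
        raise ValueError(f"unsupported WESP version {version}")
    encrypted = bool(flags & FLAG_E)
    spi, seq = struct.unpack("!II", pkt[4:12])
    info = {
        "version": version,
        "encrypted": encrypted,
        "padded": bool(flags & FLAG_P),
        "next_header": next_hdr,
        "spi": spi,
        "seq": seq,
        "payload": None,
    }
    if encrypted:
        # Encrypted ESP: nothing to inspect, and the length fields must be 0.
        if hdr_len != 0 or trailer_len != 0:
            raise ValueError("encrypted WESP with non-zero HdrLen/TrailerLen")
        return info
    # ESP-NULL: HdrLen must at least cover WESP + ESP headers, and the
    # claimed header + trailer must fit inside the packet we actually hold.
    if hdr_len < WESP_HDR_LEN + ESP_HDR_LEN:
        raise ValueError("HdrLen shorter than WESP + ESP headers")
    if hdr_len + trailer_len > len(pkt):
        raise ValueError("HdrLen + TrailerLen exceeds packet length")
    info["payload"] = pkt[hdr_len:len(pkt) - trailer_len]
    return info


if __name__ == "__main__":
    # Constructed sample: a stand-in inner datagram, Next Header 6 (TCP).
    sample = build_wesp(b"constructed-inner-datagram", 6, 0x1234, 1)
    print(parse_wesp(sample))
    print(parse_wesp(build_wesp(b"\x00" * 16, 6, 0x1234, 2, encrypted=True)))
```

Note that `parse_wesp` can only report what the WESP header claims. A middlebox that enforces policy on the recovered payload still relies on the receiving endpoint to drop packets whose ICV fails, which is why the announcement can say the mechanism does not weaken ESP: the endpoints, not the inspector, remain the integrity check.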