Skip to main content

Heuristics for Detecting ESP-NULL Packets
RFC 5879

Yes

(Pasi Eronen)

No Objection

(Dan Romascanu)
(Jari Arkko)
(Ralph Droms)
(Ron Bonica)
(Ross Callon)
(Russ Housley)
(Tim Polk)

Abstain


Note: This ballot was opened for revision 07 and is now closed.

(Pasi Eronen; former steering group member) Yes

Yes ()

                            

(Adrian Farrel; former steering group member) No Objection

No Objection (2010-03-03)
A thorough piece of work. Thanks.

I think the Abstract may be a little terse.

   to quickly decide whether given packet flow is interesting
   or not

This phrase doesn't make anything clear. I would prefer you say what you
are attempting to determine and why.

(Dan Romascanu; former steering group member) No Objection

No Objection ()

                            

(Jari Arkko; former steering group member) (was Discuss) No Objection

No Objection ()

                            

(Ralph Droms; former steering group member) No Objection

No Objection ()

                            

(Ron Bonica; former steering group member) No Objection

No Objection ()

                            

(Ross Callon; former steering group member) No Objection

No Objection ()

                            

(Russ Housley; former steering group member) No Objection

No Objection ()

                            

(Tim Polk; former steering group member) No Objection

No Objection ()

                            

(Cullen Jennings; former steering group member) (was No Objection) Abstain

Abstain (2010-03-03)
The heuristics seem too weak to recommend for UDP. The misclassification of UDP such as RTP as IPSEC seems like it will do more harm than good. DPI devices will misclassify then fail to apply the right policy. It will be extremely hard to debug in the network as it will only happen to some of the RTP stream.