Heuristics for Detecting ESP-NULL Packets
RFC 5879

Note: This ballot was opened for revision 07 and is now closed.

(Pasi Eronen) Yes

(Jari Arkko) (was Discuss) No Objection

(Ron Bonica) No Objection

(Ross Callon) No Objection

(Ralph Droms) No Objection

(Adrian Farrel) No Objection

Comment (2010-03-03 for -)
No email
send info
A thorough piece of work. Thanks.

I think the Abstract may be a little terse.

   to quickly decide whether given packet flow is interesting
   or not

This phrase doesn't make anything clear. I would prefer you say what you
are attempting to determine and why.

(Russ Housley) No Objection

(Tim Polk) No Objection

(Dan Romascanu) No Objection

(Cullen Jennings) (was No Objection) Abstain

Comment (2010-03-03 for -)
No email
send info
The heuristics seem too weak to recommend for UDP. The misclassification of UDP such as RTP as IPSEC seems like it will do more harm than good. DPI devices will misclassify then fail to apply the right policy. It will be extremely hard to debug in the network as it will only happen to some of the RTP stream.