Heuristics for Detecting ESP-NULL Packets
RFC 5879
Note: This ballot was opened for revision 07 and is now closed.
(Pasi Eronen) Yes
(Jari Arkko) (was Discuss) No Objection
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Ralph Droms) No Objection
(Adrian Farrel) No Objection
Comment (2010-03-03 for -)
No email
send info
send info
A thorough piece of work. Thanks. I think the Abstract may be a little terse. to quickly decide whether given packet flow is interesting or not This phrase doesn't make anything clear. I would prefer you say what you are attempting to determine and why.
(Russ Housley) No Objection
(Tim Polk) No Objection
(Dan Romascanu) No Objection
(Cullen Jennings) (was No Objection) Abstain
Comment (2010-03-03 for -)
No email
send info
send info
The heuristics seem too weak to recommend for UDP. The misclassification of UDP such as RTP as IPSEC seems like it will do more harm than good. DPI devices will misclassify then fail to apply the right policy. It will be extremely hard to debug in the network as it will only happen to some of the RTP stream.