Heuristics for Detecting ESP-NULL Packets
RFC 5879
Yes
No Objection
Abstain
Note: This ballot was opened for revision 07 and is now closed.
(Pasi Eronen; former steering group member) Yes
(Adrian Farrel; former steering group member) No Objection
A thorough piece of work. Thanks. I think the Abstract may be a little terse. to quickly decide whether given packet flow is interesting or not This phrase doesn't make anything clear. I would prefer you say what you are attempting to determine and why.
(Dan Romascanu; former steering group member) No Objection
(Jari Arkko; former steering group member) (was Discuss) No Objection
(Ralph Droms; former steering group member) No Objection
(Ron Bonica; former steering group member) No Objection
(Ross Callon; former steering group member) No Objection
(Russ Housley; former steering group member) No Objection
(Tim Polk; former steering group member) No Objection
(Cullen Jennings; former steering group member) (was No Objection) Abstain
The heuristics seem too weak to recommend for UDP. The misclassification of UDP such as RTP as IPSEC seems like it will do more harm than good. DPI devices will misclassify then fail to apply the right policy. It will be extremely hard to debug in the network as it will only happen to some of the RTP stream.