Heuristics for Detecting ESP-NULL Packets
RFC 5879

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    ipsecme mailing list <ipsec@ietf.org>, 
    ipsecme chair <ipsecme-chairs@tools.ietf.org>
Subject: Document Action: 'Heuristics for Detecting ESP-NULL packets' to Informational RFC

The IESG has approved the following document:

- 'Heuristics for Detecting ESP-NULL packets '
   <draft-ietf-ipsecme-esp-null-heuristics-07.txt> as an Informational RFC


This document is the product of the IP Security Maintenance and Extensions Working Group. 

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-esp-null-heuristics-07.txt

Technical Summary

   This document describes a set of heuristics for distinguishing
   IPsec ESP-null (Encapsulating Security Payload without encryption)
   packets from encrypted ESP packets. These heuristics can be used on
   intermediate devices, such as traffic analyzers and deep inspection
   engines, to quickly decide whether given packet flow is interesting
   or not. Use of these heuristics does not require any changes made
   on existing RFC 4303 compliant IPsec hosts.

Working Group Summary

   Early on there was prolonged WG discussion about the relative
   merits of the Wrapped ESP solution for identifying ESP-null
   traffic, compared to heuristic methods for traffic
   inspection. Eventually the WG reached consensus on the usefulness
   of having both solutions published, with the heuristics solution
   targeted for the interim period until WESP is widely deployed. This
   consensus is documented in both protocol documents.

Document Quality

   Currently, there are no known implementations.

Personnel

   The document shepherd is Yaron Sheffer, and the responsible
   area director is Pasi Eronen.