Technical Summary
This document describes a set of heuristics for distinguishing
IPsec ESP-null (Encapsulating Security Payload without encryption)
packets from encrypted ESP packets. These heuristics can be used on
intermediate devices, such as traffic analyzers and deep inspection
engines, to quickly decide whether a given packet flow is interesting
or not. Use of these heuristics does not require any changes to
existing RFC 4303-compliant IPsec hosts.
Working Group Summary
Early on there was prolonged WG discussion about the relative
merits of the Wrapped ESP solution for identifying ESP-null
traffic, compared to heuristic methods for traffic
inspection. Eventually the WG reached consensus on the usefulness
of having both solutions published, with the heuristics solution
targeted for the interim period until WESP is widely deployed. This
consensus is documented in both protocol documents.
Document Quality
Currently, there are no known implementations.
Personnel
The document shepherd is Yaron Sheffer, and the responsible
area director is Pasi Eronen.