Heuristics for Detecting ESP-NULL Packets
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, ipsecme mailing list <email@example.com>, ipsecme chair <firstname.lastname@example.org>
Subject: Document Action: 'Heuristics for Detecting ESP-NULL packets' to Informational RFC

The IESG has approved the following document:

- 'Heuristics for Detecting ESP-NULL packets' <draft-ietf-ipsecme-esp-null-heuristics-07.txt> as an Informational RFC

This document is the product of the IP Security Maintenance and Extensions Working Group.

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-esp-null-heuristics-07.txt

Technical Summary

This document describes a set of heuristics for distinguishing IPsec ESP-null (Encapsulating Security Payload without encryption) packets from encrypted ESP packets. These heuristics can be used on intermediate devices, such as traffic analyzers and deep inspection engines, to quickly decide whether a given packet flow is interesting or not. Use of these heuristics does not require any changes made on existing RFC 4303 compliant IPsec hosts.

Working Group Summary

Early on there was prolonged WG discussion about the relative merits of the Wrapped ESP solution for identifying ESP-null traffic, compared to heuristic methods for traffic inspection. Eventually the WG reached consensus on the usefulness of having both solutions published, with the heuristics solution targeted for the interim period until WESP is widely deployed. This consensus is documented in both protocol documents.

Document Quality

Currently, there are no known implementations.

Personnel

The document shepherd is Yaron Sheffer, and the responsible area director is Pasi Eronen.