All, Updated draft for traffic visibility has been posted. Only changes since rev-03 is text related to the flags handling, as suggested by Yaron Sheffer.
Look forward to your feedback. Thanks, - Ken >-----Original Message----- >From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of >internet-dra...@ietf.org >Sent: Friday, June 05, 2009 8:30 AM >To: i-d-annou...@ietf.org >Cc: ipsec@ietf.org >Subject: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-04.txt > >A New Internet-Draft is available from the on-line Internet-Drafts >directories. >This draft is a work item of the IP Security Maintenance and Extensions >Working Group of the IETF. > > > Title : Wrapped ESP for Traffic Visibility > Author(s) : K. Grewal, et al. > Filename : draft-ietf-ipsecme-traffic-visibility-04.txt > Pages : 13 > Date : 2009-06-05 > >This document describes the Wrapped Encapsulating Security >Payload (WESP) protocol, which builds on top of Encapsulating >Security Payload (ESP) [RFC4303] and is designed to allow >intermediate devices to ascertain if ESP-NULL [RFC2410] is being >employed and hence inspect the IPsec packets for network >monitoring and access control functions. Currently in the IPsec >standard, there is no way to differentiate between ESP >encryption and ESP NULL encryption by simply examining a packet. >This poses certain challenges to the intermediate devices that >need to deep inspect the packet before making a decision on what >should be done with that packet (Inspect and/or Allow/Drop). The >mechanism described in this document can be used to easily >disambiguate ESP-NULL from ESP encrypted packets, without >compromising on the security provided by ESP. > >A URL for this Internet-Draft is: >http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility- >04.txt > >Internet-Drafts are also available by anonymous FTP at: >ftp://ftp.ietf.org/internet-drafts/ > >Below is the data which will enable a MIME compliant mail reader >implementation to automatically retrieve the ASCII version of the >Internet-Draft. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
