Tero Mononen writes:
> Overall comments:
>
> The draft contains quite a lot of background information (what you are
> trying to achieve on technical point of view, what were the
> alternative solutions considered). Part of this background is also
> available on WESP draft.
>
> Making this draft an information disclosure on "algorithm to
> determine if IPsec ESP packet stream has been encrypted or not",
> without too much explanation or hand waving would increase its
> usability. The background could be found by-reference on the WESP
> RFC.

I think having background information in this document also makes this
document easier to understand. WESP document actually has quite a
little of the background information.

> Please consider adding definitions/glossary entries for the
> following concepts: flow, flow-cache. I know they are relevant on
> certain implementations, but not necessarily well defined on that
> sense, or at least introducing these terms properly before using
> them.

I added a terminology section and added those terms there.

> About the abstract:
>
> Consider changing abstract in a way that really points out the
> good on this approach. Something like:
>
> -8<---
>
> This document describes an algorithm for distinguishing IPSEC
> ESP-NULL packets from encrypted ESP packets. The algorithm can
> be used on intermediate devices, like traffic analyzers, and deep
> inspection engines, to quickly decide whether given packet flow is
> interesting or not. Use of this algorithm does not require any
> changes made on existing RFC4303 compliant IPSEC hosts.
>
> -8<---

Changed.
-- 
[email protected]
