Brian Swander writes:
> AH alone isn't good enough. We need solutions that also work with
> end-to-end encryption.

Then we are not talking about ESP-NULL traffic anymore, thus it falls outside the scope of our WESP charter:

  - A standards-track mechanism that allows an intermediary device,
    such as a firewall or intrusion detection system, to easily and
    reliably determine whether an ESP packet is encrypted with the NULL
    cipher; and if it is, determine the location of the actual payload
    data inside the packet. The starting points for this work item are
    draft-grewal-ipsec-traffic-visibility and
    draft-hoffman-esp-null-protocol.

WESP is not meant to be used for encrypted traffic; it was designed to be used to detect encrypted ESP packets from ESP-NULL packets.
-- 
[email protected]
