On Fri, Jan 8, 2010 at 5:55 AM, Melinda Shore <sh...@arsc.edu> wrote:
> On Jan 7, 2010, at 3:06 PM, Jack Kohn wrote:
>>
>> o In a steady state, where we are using WESP only for ESP-NULL, what
>> should a middle box do when it sees ESP traffic, besides
>> hyperventilating and throwing up?
>
> How would that information be used here?  Do you want
> to specify middlebox behavior?

No, I don't plan anything this ambitious.

I am just trying to understand what a WESP powered middle box that's
interested in deep inspecting packets should do when it sees a native
ESP packet. Should it make an attempt to parse it based on heuristics
(which I completely resent) or should it treat the packet as encrypted
and do whatever the local policy dictates?

>
> In my experience in some environments network
> administrators would like to prevent encrypted traffic
> on the wire because they want to inspect packet contents.

Ok, so in such cases, WESP capable middle boxes would probably drop
all ESP (including ESP-NULL) traffic.

> I'm trying to think of requirements for doing that other

... doing what? I am sorry, I could not follow your following statements.

Jack

> than providing the ability to flag the packet as
> encrypted or not (let's assume that the presence or
> absence of other encryption protocols is out-of-scope,
> since it is out-of-scope) and can't see anything
> obvious.
>
> Melinda
>
>
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
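
The second option raised in the message above (no heuristics, native ESP handled as encrypted under local policy), sketched as an added example that is not part of the original thread. The WESP header layout and protocol number are taken from RFC 5840, which the thread does not quote; the `POLICY` table, function names and sample packets are hypothetical and constructed.

```python
import struct

IPPROTO_ESP, IPPROTO_WESP = 50, 141   # IANA protocol numbers
WESP_E_BIT = 0x20                     # Flags octet: |V V|E|P|Rsvd| (RFC 5840)

# Hypothetical local policy for a site that wants no opaque traffic.
POLICY = {"wesp-integrity-only": "inspect", "wesp-encrypted": "drop",
          "native-esp": "drop", "malformed": "drop", "not-ipsec": "pass"}

def classify(ip_proto, payload):
    """Classify an IP payload without guessing at native ESP contents."""
    if ip_proto == IPPROTO_ESP:
        return "native-esp", None     # no heuristics: treat as encrypted
    if ip_proto != IPPROTO_WESP:
        return "not-ipsec", None
    if len(payload) < 4:
        return "malformed", None
    next_hdr, hdr_len, trailer_len, flags = struct.unpack("!BBBB", payload[:4])
    if flags >> 6 != 0:               # only WESP version 0 is defined
        return "malformed", None
    if flags & WESP_E_BIT:
        return "wesp-encrypted", None
    # Integrity-only: HdrLen is the offset to the cleartext payload data and
    # must be >= 12 and a multiple of 4; TrailerLen is the ICV size.
    if hdr_len < 12 or hdr_len % 4 or hdr_len + trailer_len > len(payload):
        return "malformed", None
    end = len(payload) - trailer_len
    # Cleartext returned here is the ESP payload data plus the ESP trailer.
    return "wesp-integrity-only", (next_hdr, payload[hdr_len:end])

def decide(ip_proto, payload):
    """Return (classification, action, cleartext-or-None)."""
    kind, detail = classify(ip_proto, payload)
    return kind, POLICY[kind], detail

# Constructed sample packets (not captured traffic).
ESP_HDR = struct.pack("!II", 0x1000, 1)              # SPI, sequence number
INTEGRITY_ONLY = bytes([6, 12, 12, 0]) + ESP_HDR + b"A" * 20 + b"\x00" * 12
ENCRYPTED = bytes([0, 0, 0, WESP_E_BIT]) + ESP_HDR + b"\x9f" * 32
BAD_HDRLEN = bytes([6, 10, 12, 0]) + ESP_HDR + b"A" * 20 + b"\x00" * 12

if __name__ == "__main__":
    for name, proto, pkt in [("wesp integrity-only", 141, INTEGRITY_ONLY),
                             ("wesp encrypted", 141, ENCRYPTED),
                             ("native esp", 50, ESP_HDR + b"\x9f" * 32),
                             ("wesp bad HdrLen", 141, BAD_HDRLEN)]:
        print(name, "->", decide(proto, pkt)[:2])
```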
