A new Request for Comments is now available in online RFC libraries.
RFC 5840
Title: Wrapped Encapsulating Security Payload (ESP)
for Traffic Visibility
Author: K. Grewal, G. Montenegro,
M. Bhatia
Status: Standards Track
Stream: IETF
Date: April 2010
Mailbox: [email protected],
[email protected],
[email protected]
Pages: 15
Characters: 34733
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-ietf-ipsecme-traffic-visibility-12.txt
URL: http://www.rfc-editor.org/rfc/rfc5840.txt
This document describes the Wrapped Encapsulating Security
Payload (WESP) protocol, which builds on the Encapsulating
Security Payload (ESP) RFC 4303 and is designed to allow
intermediate devices to (1) ascertain if data confidentiality is
being employed within ESP, and if not, (2) inspect the IPsec
packets for network monitoring and access control functions.
Currently, in the IPsec ESP standard, there is no deterministic
way to differentiate between encrypted and unencrypted payloads
by simply examining a packet. This poses certain challenges to
the intermediate devices that need to deep inspect the packet
before making a decision on what should be done with that packet
(Inspect and/or Allow/Drop). The mechanism described in this
document can be used to easily disambiguate integrity-only ESP
from ESP-encrypted packets, without compromising on the security
provided by ESP. [STANDARDS TRACK]
This document is a product of the IP Security Maintenance and Extensions
Working Group of the IETF.
This is now a Proposed Standard Protocol.
STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and suggestions
for improvements. Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol. Distribution of this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
http://www.ietf.org/mailman/listinfo/ietf-announce
http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.
Requests for special distribution should be addressed to either the
author of the RFC in question, or to [email protected]. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
