A New Internet-Draft is available from the on-line Internet-Drafts
directories.

    Title     : Identifying ESP-NULL Packets
    Author(s) : M. Bhatia
    Filename  : draft-bhatia-ipsecme-esp-null-00.txt
    Pages     : 6
    Date      : 2008-12-1

Encapsulating Security Payload (ESP) [RFC4303] provides data
integrity protection, confidentiality and data origin authentication
for data transported in an IP packet.

There are various applications and protocols that do not require
confidentiality but only need data integrity assurance or data origin
authentication. Since ESP support is mandatory for IPsec, such
applications end up using ESP with NULL encryption.

However, because of the way ESP is defined, it is impossible for
firewalls and intermediate routers to differentiate between encrypted
ESP and ESP NULL packets by simply examining them. This poses
problems for the firewalls since such packets cannot be filtered and
identified. It poses a different set of problems for routers since
such packets cannot be properly filtered, classified and prioritized.

This document proposes an extension to ESP so that firewalls and
routers can disambiguate between ESP encrypted and ESP NULL encrypted
packets.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bhatia-ipsecme-esp-null-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-bhatia-ipsecme-esp-null-00.txt>
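
The ambiguity the abstract describes, as an added example (not part of the announcement or of the draft): a device without the security association can parse only the SPI and sequence number, and the ESP trailer can be located only if the ICV length is already known. The function names, SPI values, key, the 12-byte HMAC-SHA1-96 ICV and the pseudo-random stand-in for ciphertext are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

ESP_HDR = struct.Struct("!II")  # SPI, sequence number: the only cleartext fields (RFC 4303)

def build_esp_null(spi, seq, inner, next_header, auth_key):
    """ESP with NULL encryption: payload in the clear, HMAC-SHA1-96 ICV appended."""
    pad_len = (-(len(inner) + 2)) % 4          # align the trailer to a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # default padding bytes 1, 2, 3, ...
    body = ESP_HDR.pack(spi, seq) + inner + padding + bytes([pad_len, next_header])
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:12]
    return body + icv

def build_esp_opaque(spi, seq, length):
    """Stand-in for an encrypted ESP packet: header plus pseudo-random bytes (not a real cipher)."""
    stream = b""
    counter = 0
    while len(stream) < length:
        stream += hashlib.sha256(struct.pack("!III", spi, seq, counter)).digest()
        counter += 1
    return ESP_HDR.pack(spi, seq) + stream[:length]

def middlebox_view(esp):
    """What a device without the SA can parse: SPI, sequence number, opaque byte count."""
    spi, seq = ESP_HDR.unpack_from(esp)
    return spi, seq, len(esp) - ESP_HDR.size

def trailer_guess(esp, icv_len):
    """Read (pad_len, next_header) assuming an ICV length; that length is not on the wire."""
    end = len(esp) - icv_len
    return esp[end - 2], esp[end - 1]

# Constructed sample: a 20-byte inner UDP datagram (8-byte header + 12 bytes of data).
INNER_UDP = struct.pack("!HHHH", 5000, 5001, 20, 0) + b"hello world!"
NULL_PKT = build_esp_null(0x1001, 1, INNER_UDP, 17, b"constructed-key")
OPAQUE_PKT = build_esp_opaque(0x1002, 1, len(NULL_PKT) - ESP_HDR.size)

if __name__ == "__main__":
    for name, pkt in (("ESP-NULL", NULL_PKT), ("encrypted", OPAQUE_PKT)):
        print(name, middlebox_view(pkt), [trailer_guess(pkt, n) for n in (12, 16)])
```

Both packets present the same three visible fields, and the ESP-NULL trailer reads as UDP (17) only under the correct 12-byte ICV assumption; with a 16-byte guess the same bytes yield payload data instead.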