draft-ietf-ipsecme-traffic-visibility-06.txt | draft-ietf-ipsecme-traffic-visibility-07.txt | |||
---|---|---|---|---|
Network Working Group K. Grewal | Network Working Group K. Grewal | |||
Internet Draft Intel Corporation | Internet Draft Intel Corporation | |||
Intended status: Standards Track G. Montenegro | Intended status: Standards Track G. Montenegro | |||
Expires: February 06, 2010 Microsoft Corporation | Expires: February 10, 2010 Microsoft Corporation | |||
M. Bhatia | M. Bhatia | |||
Alcatel-Lucent | Alcatel-Lucent | |||
August 06, 2009 | August 10, 2009 | |||
Wrapped ESP for Traffic Visibility | Wrapped ESP for Traffic Visibility | |||
draft-ietf-ipsecme-traffic-visibility-06.txt | draft-ietf-ipsecme-traffic-visibility-07.txt | |||
Status of this Memo | Status of this Memo | |||
This Internet-Draft is submitted to IETF in full conformance | This Internet-Draft is submitted to IETF in full conformance | |||
with the provisions of BCP 78 and BCP 79. | with the provisions of BCP 78 and BCP 79. This document may | |||
contain material from IETF Documents or IETF Contributions | ||||
published or made publicly available before November 10, 2008. | ||||
The person(s) controlling the copyright in some of this material | ||||
may not have granted the IETF Trust the right to allow | ||||
modifications of such material outside the IETF Standards | ||||
Process. Without obtaining an adequate license from the | ||||
person(s) controlling the copyright in such materials, this | ||||
document may not be modified outside the IETF Standards Process, | ||||
and derivative works of it may not be created outside the IETF | ||||
Standards Process, except to format it for publication as an RFC | ||||
or to translate it into languages other than English. | ||||
Internet-Drafts are working documents of the Internet | Internet-Drafts are working documents of the Internet | |||
Engineering Task Force (IETF), its areas, and its working | Engineering Task Force (IETF), its areas, and its working | |||
groups. Note that other groups may also distribute working | groups. Note that other groups may also distribute working | |||
documents as Internet-Drafts. | documents as Internet-Drafts. | |||
Internet-Drafts are draft documents valid for a maximum of six | Internet-Drafts are draft documents valid for a maximum of six | |||
months and may be updated, replaced, or obsoleted by other | months and may be updated, replaced, or obsoleted by other | |||
documents at any time. It is inappropriate to use Internet- | documents at any time. It is inappropriate to use Internet- | |||
Drafts as reference material or to cite them other than as "work | Drafts as reference material or to cite them other than as "work | |||
in progress." | in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on February 06, 2010. | This Internet-Draft will expire on February 10, 2010. | |||
Copyright | Copyright | |||
Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
publication of this document (http://trustee.ietf.org/license- | publication of this document (http://trustee.ietf.org/license- | |||
info). Please review these documents carefully, as they describe | info). Please review these documents carefully, as they describe | |||
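Review bot: the paragraph added after "with the provisions of BCP 78 and BCP 79." says the draft may contain material published before November 10, 2008 whose copyright holders may not have granted modification rights, but nothing in this revision identifies which material that is. Because the clause bars modification and derivative works outside the IETF Standards Process, confirm that it is actually required for this draft, and record the reason alongside the revision if it is. The other changes in this block (document date August 10, 2009, expiry February 10, 2010 in both the header and the "will expire" sentence, and the -07 filename) are consistent with one another.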
skipping to change at page 2, line 24 | skipping to change at page 2, line 35 | |||
encryption and ESP NULL encryption by simply examining a packet. | encryption and ESP NULL encryption by simply examining a packet. | |||
This poses certain challenges to the intermediate devices that | This poses certain challenges to the intermediate devices that | |||
need to deep inspect the packet before making a decision on what | need to deep inspect the packet before making a decision on what | |||
should be done with that packet (Inspect and/or Allow/Drop). The | should be done with that packet (Inspect and/or Allow/Drop). The | |||
mechanism described in this document can be used to easily | mechanism described in this document can be used to easily | |||
disambiguate ESP-NULL from ESP encrypted packets, without | disambiguate ESP-NULL from ESP encrypted packets, without | |||
compromising on the security provided by ESP. | compromising on the security provided by ESP. | |||
Table of Contents | Table of Contents | |||
1. Introduction...................................................2 | 1. Introduction...................................................3 | |||
1.1. Requirements Language.....................................4 | 1.1. Requirements Language.....................................4 | |||
1.2. Applicability Statement...................................4 | 1.2. Applicability Statement...................................4 | |||
2. Wrapped ESP (WESP) Header format...............................4 | 2. Wrapped ESP (WESP) Header format...............................5 | |||
2.1. UDP Encapsulation.........................................7 | 2.1. UDP Encapsulation.........................................7 | |||
2.2. Transport and Tunnel Mode Considerations..................8 | 2.2. Transport and Tunnel Mode Considerations..................8 | |||
2.2.1. Transport Mode Processing............................8 | 2.2.1. Transport Mode Processing............................8 | |||
2.2.2. Tunnel Mode Processing...............................9 | 2.2.2. Tunnel Mode Processing...............................9 | |||
2.3. IKE Considerations.......................................10 | 2.3. IKE Considerations.......................................10 | |||
3. Security Considerations.......................................11 | 3. Security Considerations.......................................11 | |||
4. IANA Considerations...........................................12 | 4. IANA Considerations...........................................12 | |||
5. Acknowledgments...............................................12 | 5. Acknowledgments...............................................12 | |||
6. References....................................................12 | 6. References....................................................12 | |||
6.1. Normative References.....................................12 | 6.1. Normative References.....................................12 | |||
End of changes. 7 change blocks. | ||||
7 lines changed or deleted | 18 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |