Wrapped Encapsulating Security Payload for Traffic Visibility
RFC 5840, “Wrapped Encapsulating Security Payload for Traffic Visibility”, is a Proposed Standard document published in April 2010 by K. Grewal, G. Montenegro, M. Bhatia. The canonical text is published by the RFC Editor.
Abstract
This document describes the Wrapped Encapsulating Security Payload (WESP) protocol, which builds on the Encapsulating Security Payload (ESP) RFC 4303 and is designed to allow intermediate devices to (1) ascertain if data confidentiality is being employed within ESP, and if not, (2) inspect the IPsec packets for network monitoring and access control functions. Currently, in the IPsec ESP standard, there is no deterministic way to differentiate between encrypted and unencrypted payloads by simply examining a packet. This poses certain challenges to the intermediate devices that need to deep inspect the packet before making a decision on what should be done with that packet (Inspect and/or Allow/Drop). The mechanism described in this document can be used to easily disambiguate integrity-only ESP from ESP-encrypted packets, without compromising on the security provided by ESP. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 5840 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 5839 An Extension to Session Initiation Protocol Events for Conditional Event Notification
- RFC 5841 TCP Option to Denote Packet Mood
- RFC 5838 Support of Address Families in OSPFv3
- RFC 5842 Binding Extensions to Web Distributed Authoring and Versioning
- RFC 5837 Extending ICMP for Interface and Next-Hop Identification
- RFC 5843 Additional Hash Algorithms for HTTP Instance Digests
- RFC 5836 Extensible Authentication Protocol Early Authentication Problem Statement
- RFC 5844 IPv4 Support for Proxy Mobile IPv6