
new Internet Draft -- IP Encapsulating Security Payload (ESP)



Folks,

Just a follow-up to the IETF announcement of the new draft (now 
available in the Internet Drafts directories as 
draft-ietf-ipsec-esp-v3-01.txt). This draft differs from the 
previous ESP spec (RFC 2406) as follows:

      o Confidentiality-only service -- now a SHOULD, not a MUST.
      o SPI -- modified to better reflect the differences between
        unicast and multicast SA lookups.  For unicast, the SPI may
        be used alone to select an SA; for multicast, the SPI is
        combined with destination address to select an SA.
      o Sequence number -- added a new option for a 64-bit sequence
        number for very high-speed communications.
      o Payload data -- broadened model to accommodate combined mode
        algorithms.
      o Padding for improved traffic flow confidentiality -- added
        requirement to be able to add bytes after the end of the IP
        Payload, prior to the beginning of the Padding field.
      o Next Header -- added requirement to be able to generate and
        discard dummy padding packets (Next Header = 59).
      o ICV -- broadened model to accommodate combined mode algorithms.
      o Algorithms -- Added combined confidentiality mode algorithms.
      o Inbound and Outbound packet processing -- there are now two
        paths -- (1) separate confidentiality and integrity algorithms,
        (2) combined confidentiality mode algorithms. Because of the
        addition of combined mode algorithms, the encryption/decryption
        and integrity sections have been combined for both inbound and
        outbound packet processing.

Thank you,
Karen
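
The framing changes in the list above (TFC padding placed after the IP
payload and before the Padding field, dummy packets marked with Next
Header = 59, and a 64-bit sequence number of which only the low 32 bits
are transmitted) worked through in plain Python. This is an added
example, not text or code from the draft or from any IPsec
implementation. It assumes tunnel mode with an inner IPv4 packet, so the
receiver strips TFC padding by trusting the inner Total Length field;
encryption and the ICV are deliberately left out, since the bytes built
here are exactly what a separate or combined-mode algorithm would then
protect. The ESN high-bits rule is the one RFC 4303 later spells out in
its Appendix A; the function and constant names are this example's own.

```python
"""ESP framing per the ESP-v3 draft: TFC padding, dummy packets, ESN.

Added example, not from the draft or any IPsec implementation.
Encryption/ICV are omitted; output is the pre-encryption plaintext.
"""
import struct

NO_NEXT_HEADER = 59             # "no next header": dummy packet marker
IPPROTO_IPV4 = 4                # inner IPv4 packet (tunnel mode, assumed)
ESP_HDR = struct.Struct("!II")  # SPI, low 32 bits of the sequence number


def build_esp(spi, seq, payload, next_header, tfc_pad=0, align=4):
    """Return ESP header + plaintext trailer layout:
    Payload | TFC pad | Padding | Pad Length | Next Header.
    The trailer must end on an `align` boundary (4, or the cipher block)."""
    body = payload + bytes(tfc_pad)                # TFC bytes (zeros here)
    pad_len = (-(len(body) + 2)) % align           # +2: Pad Length, Next Header
    padding = bytes(range(1, pad_len + 1))         # default monotonic padding
    header = ESP_HDR.pack(spi, seq & 0xFFFFFFFF)   # ESN: only low 32 bits sent
    return header + body + padding + bytes([pad_len, next_header])


def build_dummy(spi, seq, length):
    """Dummy packet: arbitrary payload, Next Header = 59."""
    return build_esp(spi, seq, bytes(length), NO_NEXT_HEADER)


def parse_esp(packet):
    """Undo the framing. Returns (spi, seq_low, next_header, payload), or
    None when the packet is a dummy the receiver must discard."""
    spi, seq_low = ESP_HDR.unpack_from(packet)
    pad_len, next_header = packet[-2], packet[-1]
    if len(packet) < ESP_HDR.size + pad_len + 2:
        raise ValueError("truncated ESP packet")
    if pad_len and packet[-2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    body = packet[ESP_HDR.size:len(packet) - 2 - pad_len]
    if next_header == NO_NEXT_HEADER:
        return None                                # dummy: discard silently
    if next_header == IPPROTO_IPV4:
        # Strip TFC padding using the inner IPv4 Total Length (tunnel mode).
        total_len = struct.unpack_from("!H", body, 2)[0]
        if total_len < 20 or total_len > len(body):
            raise ValueError("inner IPv4 length inconsistent with payload")
        body = body[:total_len]
    return spi, seq_low, next_header, body


def esn_high_bits(seq_low, top_high, top_low, window=64):
    """Infer the high 32 bits of a 64-bit ESN from the 32 bits on the wire,
    given the highest sequence number accepted so far (top_high, top_low)
    and the anti-replay window size. A wrong guess is caught later by the
    ICV check, which covers the full 64-bit value."""
    lower_edge = (top_low - window + 1) & 0xFFFFFFFF
    if top_low >= window - 1:
        # Window lies inside a single 2^32 subspace.
        return top_high if seq_low >= lower_edge else top_high + 1
    # Window straddles a 2^32 boundary: large seq_low values belong to the
    # previous subspace, small ones to the current one.
    return top_high - 1 if seq_low >= lower_edge else top_high


if __name__ == "__main__":
    # Constructed inner IPv4 packet: 20-byte header + 8 bytes of data.
    inner = bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(16) + b"ABCDEFGH"
    pkt = build_esp(0x1234, (1 << 32) | 5, inner, IPPROTO_IPV4, tfc_pad=5)
    print(parse_esp(pkt)[3] == inner, parse_esp(build_dummy(0x1234, 6, 40)))
```

The TFC strip is only safe because the inner header carries its own
length; in transport mode the receiver has no such field for most
protocols, which is why the draft ties TFC padding to the ability to
determine the end of the IP payload.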