new Internet Draft -- IP Encapsulating Security Payload (ESP)
Folks,
Just a follow-up to the IETF announcement of the new draft (now
available in the Internet Drafts directories as
draft-ietf-ipsec-esp-v3-01.txt). This draft differs from the
previous ESP spec (RFC 2406) as follows:
o Confidentiality-only service -- now a SHOULD, not a MUST.
o SPI -- modified to better reflect the differences between
unicast and multicast SA lookups. For unicast, the SPI may
be used alone to select an SA; for multicast, the SPI is
combined with destination address to select an SA.
o Sequence number -- added a new option for a 64-bit sequence
number for very high-speed communications.
o Payload data -- broadened model to accommodate combined mode
algorithms.
o Padding for improved traffic flow confidentiality -- added
requirement to be able to add bytes after the end of the IP
Payload, prior to the beginning of the Padding field.
o Next Header -- added requirement to be able to generate and
discard dummy padding packets (Next Header = 59).
o ICV -- broadened model to accommodate combined mode algorithms.
o Algorithms -- Added combined confidentiality mode algorithms.
o Inbound and Outbound packet processing -- there are now two
paths -- (1) separate confidentiality and integrity algorithms,
(2) combined confidentiality mode algorithms. Because of the
addition of combined mode algorithms, the encryption/decryption
and integrity sections have been combined for both inbound and
outbound packet processing.
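As an added illustration (not code from the draft or from this post) of the trailer handling the list describes, the following receive-side logic strips the Padding field using Pad Length, discards a dummy packet whose Next Header is 59, and recovers the real inner IPv4 datagram from its Total Length so that any TFC padding bytes inserted after the end of the IP payload are dropped. Function names, the block size and the sample datagram are constructed for the example; TFC stripping is shown for IPv4-in-tunnel-mode only, since that is where the inner length is self-describing.

```python
import struct

IPPROTO_NONE = 59   # "no next header": marks an ESP v3 dummy packet
IPPROTO_IPIP = 4    # IPv4 carried in tunnel mode

def sample_ipv4_datagram(payload: bytes) -> bytes:
    """Constructed inner IPv4 datagram (checksum left zero; sample data only)."""
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0, 64, 17, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload

def build_esp_plaintext(inner: bytes, next_header: int, tfc_len: int, block: int = 4) -> bytes:
    """Sender view of the plaintext that ESP encrypts: payload, TFC padding,
    Padding, Pad Length, Next Header (ICV excluded). Pad Length counts only
    the Padding field, never the TFC bytes."""
    body = inner + b"\x00" * tfc_len                    # TFC padding after the IP payload
    pad_len = (-(len(body) + 2)) % block                # align Pad Length + Next Header
    padding = bytes(range(1, pad_len + 1))              # default monotonic padding values
    return body + padding + bytes([pad_len, next_header])

def parse_esp_plaintext(pt: bytes):
    """Receiver view after decryption and integrity check.
    Returns (next_header, datagram), or None when the packet is a dummy."""
    if len(pt) < 2:
        raise ValueError("truncated ESP trailer")
    pad_len, next_header = pt[-2], pt[-1]
    if pad_len + 2 > len(pt):
        raise ValueError("Pad Length exceeds payload")
    # Optional check of the default padding pattern (only valid if the SA uses it)
    if pt[-(pad_len + 2):-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding content mismatch")
    body = pt[:-(pad_len + 2)]
    if next_header == IPPROTO_NONE:
        return None                                     # dummy packet: discard silently
    if next_header == IPPROTO_IPIP:
        if len(body) < 20:
            raise ValueError("inner IPv4 header truncated")
        total_len = struct.unpack("!H", body[2:4])[0]
        if total_len < 20 or total_len > len(body):
            raise ValueError("inner Total Length inconsistent with payload")
        return next_header, body[:total_len]            # bytes past Total Length are TFC
    return next_header, body                            # transport mode: no TFC stripping here
```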
Thank you,
Karen