Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ken Grewal Gabriel Montenegro Manav Bhatia

Published byMavis Thompson Modified over 7 years ago

Similar presentations

Presentation on theme: "Ken Grewal Gabriel Montenegro Manav Bhatia"— Presentation transcript:

1 Ken Grewal Gabriel Montenegro Manav Bhatia
IPsec Wrapped ESP (WESP) for Traffic Visibility 75 IETF IPSECME WG 27-Jul-09 Ken Grewal Gabriel Montenegro Manav Bhatia

2 Current Status All tickets closed
WG Last Call issued on rev 5 from 4-18 July. Tickets closed before May interim (and reviewed during the interim): #85 Clarify the units for WESP header Added length of fields in bits & units #88 UDP Encapsulation diagram is wrong #89 Version field in the flags Set version to 0, added text to enforce checking #91 Next Header should not be optional in ESP-NULL 27-Jul-09 75 IETF IPSECME WG

3 Closed after May interim (1/2)
#84 Scope of WESP Leverage WESP ‘Next Header’ value to differentiate between ESP-NULL and encryption If Zero, then encrypted data, else ESP-NULL Note: Alternative was to add a bit in the flags more on this later #90 Shorter WESP negotiation along the lines of the USE_TRANSPORT_MODE (tunnel mode) of rfc4306 Added text for WESP notification 27-Jul-09 75 IETF IPSECME WG

4 Closed after May interim (2/2)
#92 Specify clearly how to treat bits in flags Added text including Integrity protection of WESP header #93 Next header field to specify value of tunneled payload Dan McDonald (during the interim) et al: just say “IP” as ESP does… No change to existing usage. #104 Handling malformed fields in WESP header Added integrity check over WESP header, which enforces recipient validation of fields (no number) Revert WESP fields to original order: - Flags as the last field - Next Header as the first field 27-Jul-09 75 IETF IPSECME WG

5 WG LC issues (1) HdrLen is an offset to the payload, but we don’t say where from submitted by Yaron (thanks!), solution below ok by him OLD: HdrLen, 8 bits: Offset to the beginning of the Payload Data in octets. NEW: HdrLen, 8 bits: Offset from the beginning of the WESP header to the beginning of the Rest of Payload Data (i.e., past the IV, if present) within the encapsulated ESP header, in octets. 27-Jul-09 75 IETF IPSECME WG

6 WG LC issues (2) Conflict between Next Header values due to overloading of this field (submitted by Qiu Ying, thanks!) 0 can mean both (“encryption being used”) as well as “IPv6 Hop-by-Hop option” alternatives: assign a protocol value to use as “encryption being used” in Next Header Pros: simple change to the draft Cons: field overloading, consumes another protocol number use existing value for ESP when using encryption Cons: field overloading, more overloading, can we guarantee this is not a valid usage? Use 0xFF instead Cons: field overloading, this field is reserved by IANA bring back the “Encryption bit” in the flags Pros: no overloading, clean Cons: more delta in the draft (but we had this text before anyways), potential mismatch with usage of encryption vs ESP NULL What to set the Next Header field to? 0? 0xFF? If 0xFF, then why not alternative #3? 27-Jul-09 75 IETF IPSECME WG

7 Next Steps Issue revision per WG LC comments Advance to the IESG
27-Jul-09 75 IETF IPSECME WG

Download ppt "Ken Grewal Gabriel Montenegro Manav Bhatia"

Similar presentations

WESP Extensions 76 IETF Nov 2009 IPsecme WG Meeting 12-Nov-2009 Gabriel Montenegro Ken Grewal.

WESP Extensions 76 IETF Nov 2009 IPsecme WG Meeting 12-Nov-2009 Gabriel Montenegro Ken Grewal.
Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.
The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,

The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,
IPv4 - The Internet Protocol Version 4

IPv4 - The Internet Protocol Version 4
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.

1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03.

THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03.
1Group 07 IPv6 2 1.ET/06/6472 2.ET/06/6487 3.ET/06/6491 4.EE/06/6393 5.EE/06/6455 6.EE/06/6473 Group 07 IPv6.

1Group 07 IPv6 2 1.ET/06/ ET/06/ ET/06/ EE/06/ EE/06/ EE/06/6473 Group 07 IPv6.
03/11/200871st IETF Meeting - 6LoWPAN WG1 Compression Format for IPv6 Datagrams in 6LoWPAN Networks Jonathan Hui 6LoWPAN WG Meeting 71 st IETF Meeting.

03/11/200871st IETF Meeting - 6LoWPAN WG1 Compression Format for IPv6 Datagrams in 6LoWPAN Networks Jonathan Hui 6LoWPAN WG Meeting 71 st IETF Meeting.
Dr. John P. Abraham Professor UTPA

Dr. John P. Abraham Professor UTPA
IPsec. 18.1 Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
Dime WG Status Update IETF#80, 1-April-2011. Agenda overview Agenda bashing WG status update Active drafts Recently expired IESG processing Current milestones.

Dime WG Status Update IETF#80, 1-April Agenda overview Agenda bashing WG status update Active drafts Recently expired IESG processing Current milestones.
OSPF WG Stronger, Automatic Integrity Checks for OSPF Packets Paul Jakma, University of Glasgow Manav Bhatia, Alcatel-Lucent IETF 79, Beijing.

OSPF WG Stronger, Automatic Integrity Checks for OSPF Packets Paul Jakma, University of Glasgow Manav Bhatia, Alcatel-Lucent IETF 79, Beijing.
Transport-Friendly ESP Steven M. Bellovin AT&T Labs Research

Transport-Friendly ESP Steven M. Bellovin AT&T Labs Research

Similar presentations

Ads by Google