RFC 5840-2010
Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility

Standard No.: RFC 5840-2010
Release Date: 2010
Published By: IETF - Internet Engineering Task Force
Latest: RFC 5840-2010
Scope
This document describes the Wrapped Encapsulating Security Payload (WESP) protocol, which builds on the Encapsulating Security Payload (ESP) RFC 4303 and is designed to allow intermediate devices to (1) ascertain if data confidentiality is being employed within ESP, and if not, (2) inspect the IPsec packets for network monitoring and access control functions. Currently, in the IPsec ESP standard, there is no deterministic way to differentiate between encrypted and unencrypted payloads by simply examining a packet. This poses certain challenges to the intermediate devices that need to deep inspect the packet before making a decision on what should be done with that packet (Inspect and/or Allow/Drop). The mechanism described in this document can be used to easily disambiguate integrity-only ESP from ESP-encrypted packets, without compromising on the security provided by ESP.

RFC 5840-2010 history

  • 2010 RFC 5840-2010 Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility


