Presentation is loading. Please wait.

Presentation is loading. Please wait.

WESP Extensions 76 IETF Nov 2009 IPsecme WG Meeting 12-Nov-2009 Gabriel Montenegro Ken Grewal.

Published byAlexis Holden Modified over 10 years ago

Similar presentations

Presentation on theme: "WESP Extensions 76 IETF Nov 2009 IPsecme WG Meeting 12-Nov-2009 Gabriel Montenegro Ken Grewal."— Presentation transcript:

1 WESP Extensions 76 IETF Nov 2009 IPsecme WG Meeting 12-Nov-2009 Gabriel Montenegro Ken Grewal

2 Motivation WESP enables extra capabilities for traffic visibility to IPsec At the same time: versioning and extensibility is now possible Some mailing list discussions have pointed out that this is almost as useful as the base capabilities Proposal: define the extensibility via options along the lines of IPv6 options 12-Nov-200976 IETF IPSECME WG2

3 Some potential applications Caveat: Just for illustration, main point is to request the WG to work on the extensibility capability for WESP Padding Option (the hello world of extensibility) Operations and Management –connectivity verification (in-band) –error notification –SA monitoring option Encryption offset To carry security labels in labeled IPsec? Main point: define the extensibility for any of the above and others 12-Nov-200976 IETF IPSECME WG3

4 4 WESP Extension (1) 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WESP Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | WESP Extension Payload | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ESP Encapsulation | ~ ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12-Nov-200976 IETF IPSECME WG

5 5 WESP Extension (2) 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | HdrLen | TrailerLen |V|V|E|P|X|Flags| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Data (variable) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data (variable) | ~ ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ESP Encapsulation | ~ ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: per IPv6 (RFC2460) High order 2 bits specify behavior when the option is not recognized: 00 - silently skip the option 01 - silently discard the packet 10 - discard and send ICMP parameter error 11 - discard and send ICMP parameter error if not multicast Next bit specifies mutability of the option: 0 – immutable option (included in WESPs ICV) 1 - mutable option (NOT included in WESPs ICV) Length: in octets, excluding Type and Length fields 12-Nov-200976 IETF IPSECME WG

6 Other Considerations IKE negotiation similar to WESP: –notification USE_WESP_EXTENSIONS Flag versus new version number? –If new version number, we dont need another flag 12-Nov-200976 IETF IPSECME WG6

Download ppt "WESP Extensions 76 IETF Nov 2009 IPsecme WG Meeting 12-Nov-2009 Gabriel Montenegro Ken Grewal."

Similar presentations

Ch 20. Internet Protocol (IP). 20.1 Internetworking PHY and data link layers operate locally.

Ch 20. Internet Protocol (IP) Internetworking PHY and data link layers operate locally.
Chapter 20 Network Layer: Internet Protocol

Chapter 20 Network Layer: Internet Protocol
® IEEE 802.1ae & Legacy Technologies Ken Grewal. ® 2 Agenda  Problem Statement  Technologies Impacted  Recommendations.

® IEEE 802.1ae & Legacy Technologies Ken Grewal. ® 2 Agenda  Problem Statement  Technologies Impacted  Recommendations.
© 2006 The MITRE Corporation. All rights reserved Carrying IPSEC Authentication and ESP Headers Across SCPS-NP Networks Keith Scott.

© 2006 The MITRE Corporation. All rights reserved Carrying IPSEC Authentication and ESP Headers Across SCPS-NP Networks Keith Scott.
CS 265 – Project IPv6 Security Aspects Surekha Shinde.

CS 265 – Project IPv6 Security Aspects Surekha Shinde.
The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,

The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
IPv6. Major goals 1.support billions of hosts, even with inefficient address space allocation. 2.reduce the size of the routing tables. 3.simplify the.

IPv6. Major goals 1.support billions of hosts, even with inefficient address space allocation. 2.reduce the size of the routing tables. 3.simplify the.
IPv6 Tutorial Module 1: IPv6 Protocol Structure Dan Campbell, President Millennia Systems, Inc.

IPv6 Tutorial Module 1: IPv6 Protocol Structure Dan Campbell, President Millennia Systems, Inc.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College

2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.

1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.
Engineering Workshops IPv6 “Under the Hood”. Engineering Workshops IPv6 Tutorial/Workshop Rick Summerhill Executive Director, Great Plains Network Dale.

Engineering Workshops IPv6 “Under the Hood”. Engineering Workshops IPv6 Tutorial/Workshop Rick Summerhill Executive Director, Great Plains Network Dale.
Header and Payload Formats

Header and Payload Formats
1 IPv6 Packet Format. 2 Objectives IPv6 vs IPv4 IPv6 Packet Format IPv6 fields IPv6 and data-link technologies.

1 IPv6 Packet Format. 2 Objectives IPv6 vs IPv4 IPv6 Packet Format IPv6 fields IPv6 and data-link technologies.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

Similar presentations

Ads by Google