Aggregation and Fragmentation Mode for Encapsulating Security Payload (ESP) and Its Use for IP Traffic Flow Security (IP-TFS)
draft-ietf-ipsecme-iptfs-19
Technical Summary
This document describes a mechanism for aggregation and fragmentation of IP
packets when they are being encapsulated in ESP payload. This new payload type
can be used for various purposes such as decreasing encapsulation overhead for
small IP packets; however, the focus in this document is to enhance IPsec
traffic flow security (IP-TFS) by adding Traffic Flow Confidentiality (TFC) to
encrypted IP encapsulated traffic. TFC is provided by obscuring the size and
frequency of IP traffic using a fixed-sized, constant-send-rate IPsec tunnel.
The solution allows for congestion control as well as non-constant send-rate
usage.
Working Group Summary
Various aspects of the document were discussed and debated, with multiple
revisions incorporating the results. There was no controversy though, and there
is good WG consensus.
Document Quality
At least one implementation will be open sourced, with interest by others in
implementing. There were multiple thorough reviews by experts in the WG.
Personnel
Document Shepherd: Tero Kivinen
Responsible Area Director: Roman Danyliw