On 11 Feb 2013, at 16:42 , Ole Troan wrote: > what about ESP with NULL encryption?
In the general case, there is no way to reliably (i.e. 100.00%) know whether a transit ESP packet is using encryption or not. There are published heuristics that seek to identify ESP packets that might not be encrypted, but I don't know of any fully reliable heuristics one might use (see above for my definition of reliable). Also, the IETF standardised WESP, but after asking around and looking, I can't find even one implementation of WESP. So WESP appears to have either zero deployment or ignorably low deployment. Yours, Ran -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------