[anonsec] BYPASS OR PROTECT
Stephen Kent
kent at bbn.com
Wed Apr 4 08:22:04 PDT 2007
At 12:31 PM -0400 4/3/07, Michael Richardson wrote:
>Stephen Kent wrote:
>> The existing 4301 model describes BYPASS and PROTECT as mutually
>> exclusive descriptions. So, the new option, which might more properly
>> be named "PROTECT IF POSSIBLE" is a third option that the user has to
>
> As this is used primarily on the responder, I suggest the wording be in fact:
> "PROTECT IF REQUESTED"
Does the spec say that it is used ONLY by a responder? If so, then
your wording sounds better. If not, ...
>
>> Of course we still have to make sure that there is no overlap (in
>> terms of address space or name space) between entries in the SPD
>> that are described as PROTECT and ones that are labeled as "PROTECT
>> IF POSSIBLE." The same is true for the PAD. These constraints are
>
> This is a general problem in the PAD and
> SPD with overlapping items, i.e. this problem already exists, and
> has been solved.
I'm not quite sure what you mean above. The ordering of the PAD and
SPD allows one to have overlapping entries, but those were entries
that all had the same precedence, and which offer a binary choice.
The notion of PROTECT IF REQUESTED/POSSIBLE is a new concept with
different semantics and that's why I believe we have to be more
sophisticated in how we add this feature to the PAD and SPD.
Steve