[anonsec] BYPASS OR PROTECT
Nicolas Williams
Nicolas.Williams at sun.com
Mon Apr 9 08:12:46 PDT 2007
On Mon, Apr 09, 2007 at 08:28:35AM -0400, Stephen Kent wrote:
> At 4:23 PM -0500 4/6/07, Nicolas Williams wrote:
> >My view was that app-driven rules, in the model we'll describe, are
> >inserted into a normal SPD and then de-correlation is done again in
> >order to install the new SPD.
>
> OK, then let's say so explicitly in our description of the nominal model.
>
> >Implementors may choose to do this differently, provided that they
> >maintain the same semantics.
>
> right, but we need a precise nominal model, like 4301, to provide a
> testable reference.
The next revision of the connection latching I-D will say so, or perhaps
this should be a separate I-D (Sam seemed to think so).
What's the status of the core I-D?
Nico
--
More information about the ANONSEC
mailing list