[anonsec] I-D Action:draft-ietf-btns-connection-latching-02.txt
Nicolas Williams
Nicolas.Williams at sun.com
Mon Sep 17 13:24:52 PDT 2007
On Fri, Sep 14, 2007 at 12:41:33PM -0500, Nicolas Williams wrote:
> I'd appreciate some feedback on this version of the connection latching
> I-D.
>
> - In particular I'm looking for feedback on section 2.1, whether the
> proposed modification to the child SA authorization process is
> reasonable. (Note: the child SA authorization process is modified
> only when connection latching is used; see also the note in section
> 2.3 about a PAD entry flag to preserve traditional semantics.)
I've found a way around that. I've submitted -03 just now.
> - Neither section 2.1 nor 2.2 talks about when to initiate SAs. But it
> should be obvious that the right time is when a latch is initiated.
Fixed.
> - Section 3 doesn't say much about the SPD.
>
> In particular, when an application requests that traffic be PROTECTED
> that would otherwise have been BYPASSed (or when a locally privileged
> app requests the opposite) then the SPD should be temporarily
> modified accordingly. This should be described in detail.
Sections 2.1 and 3 now both deal with this properly, methinks.
Comments welcome.