[anonsec] I-D Action:draft-ietf-btns-connection-latching-06.txt
Nicolas Williams
Nicolas.Williams at sun.com
Tue Apr 8 10:30:36 PDT 2008
On Mon, Apr 07, 2008 at 01:00:04PM -0500, Nicolas Williams wrote:
> > < The State diagram with functions can be represented by the figure below:
> > < [I removed mine]
>
> Er, could you send it again?
Never mind. I've written one:
                   |
        CREATE_LISTENER_LATCH()
                   |
                   |
                   v
               +--------+                   /
               |LISTENER|-------+  <CREATE_CONNECTION_LATCH()>
               +--------+       |          /
                                |         /
                                |        +
                                |        |
                                v        v
                              +-----------+
                       +------|ESTABLISHED|<-------+
                       |      +-----------+        |
             <conflict>|          |    |           |<conflict
                       |          |    |           | cleared>
                       v          |    |<conflict> |
                    +------+      |    |      +---------+
                    |BROKEN|      |    +----->|SUSPENDED|
                    +------+      |           +---------+
                       |  <RELEASE_LATCH()>        |
                       |          |                |
               <RELEASE_LATCH()>  v        <RELEASE_LATCH()>
                       |       +------+            |
                       +------>|CLOSED|<-----------+
                               +------+
> I'll review your "Interaction between LD and other IPsec Databases"
> section next.
I think your sections 4. and 4.1 mostly restate what a lot of the draft
already says, but section 4.2 inspires me to add an example section.
I think we need a section with a very simple sample PAD and SPD
configuration as follows:
- The PAD shall have one entry specifying a PKI trust anchor that
peers' certificates must validate to.
- The SPD will have a single PROTECT entry with address and port ranges
for traffic selectors, and a single BYPASS entry for another set of
addresses and ports. The protocol will be TCP in both cases.
Events in the example will include:
- Creation of a TCP listener
- receipt of a TCP SYN for that listener and completion of the TCP
handshake
- An attempt to establish a TCP connection for a different
application
- sending a TCP SYN
- completion of the TCP handshake
- Connection closing
- Network events that result in conflicting SAD updates
- Local conflicting SPD updates
Nico
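As an added illustration (not code from the draft or from this post): a minimal Python model of the latch state machine in the diagram above, treating a SAD update that maps the latched 5-tuple to a different peer identity as a <conflict> and a later update restoring the latched peer as <conflict cleared>. Whether a conflict breaks or suspends a latch is taken here as a per-latch flag; that choice, and the Latch/Latched names, are assumptions of this model.

```python
from dataclasses import dataclass

# Latch states, named as in the diagram.
LISTENER, ESTABLISHED, BROKEN, SUSPENDED, CLOSED = (
    "LISTENER", "ESTABLISHED", "BROKEN", "SUSPENDED", "CLOSED")


@dataclass(frozen=True)
class Latched:
    """Constructed stand-in for what a latch pins: peer identity and flow 5-tuple."""
    peer_id: str
    flow: tuple  # (proto, local_addr, local_port, remote_addr, remote_port)


class Latch:
    def __init__(self, suspend_on_conflict: bool = False):
        self.state = None      # no latch yet
        self.params = None     # set when the latch becomes ESTABLISHED
        # Assumption of this model: the ULP picks BROKEN vs SUSPENDED on conflict.
        self.suspend_on_conflict = suspend_on_conflict

    def create_listener_latch(self):
        assert self.state is None
        self.state = LISTENER

    def create_connection_latch(self, params: Latched):
        # From LISTENER (accepted connection) or from nothing (initiated one).
        assert self.state in (None, LISTENER)
        self.params, self.state = params, ESTABLISHED

    def sad_update(self, peer_id: str, flow: tuple) -> str:
        """Apply an SA creation/change for `flow`; returns the resulting state."""
        if self.state not in (ESTABLISHED, SUSPENDED) or flow != self.params.flow:
            return self.state          # other flows never affect this latch
        if peer_id != self.params.peer_id:
            # <conflict>: a different peer now carries the latched flow.
            if self.state == ESTABLISHED:
                self.state = SUSPENDED if self.suspend_on_conflict else BROKEN
            # BROKEN has no recovery edge; SUSPENDED stays SUSPENDED.
        elif self.state == SUSPENDED:
            self.state = ESTABLISHED   # <conflict cleared>
        return self.state

    def release_latch(self):
        # RELEASE_LATCH() is valid from ESTABLISHED, BROKEN and SUSPENDED only.
        assert self.state in (ESTABLISHED, BROKEN, SUSPENDED)
        self.state = CLOSED
```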