[anonsec] I-D Action:draft-ietf-btns-connection-latching-06.txt
Nicolas Williams
Nicolas.Williams at sun.com
Wed Apr 9 08:50:05 PDT 2008
On Wed, Apr 09, 2008 at 04:56:13PM +0200, Daniel Migault wrote:
> Your figure is probably clearer than mine, and it is better to separate
> the esp/ah layer from the key management layer.
> The logical SPD is the combination of decorrelated SPD and ULP-driven
> SPD. The figure mentions interaction between IKEv2 and the Logical SPD,
> but I don't see interaction between ULP and the logical SPD. Maybe one
> could add one arrow between ULP and the logical SPD.
Yes, I need to fix that. It needs to be more like this:
+--------------------------------------------+
|                       +--------------+     |
|                       |Administrator |     |
|                       |apps          |     |
|                       +--------------+     |
|                           ^        ^       |
|                           |        |       | user mode
|                           v        v       |
| +--------------+      +-------++--------+  |
| |App           |      |IKEv2  ||        |  |
| |              |      | +---+ || +----+ |  |
| |              |      | |PAD| || |SPD | |  |
| |              |      | +---+ || +--^-+ |  |
| +--------------+      +-+-----++----+---+  |
|   ^                     |           |      |
+---|---------------------|-----------|------+ user/kernel mode
|   |syscalls             |  PF_KEY   |      | interface
+---|---------------------|-----------|------+
|   v                     |           |      |
|+-------+   +------------|-----------|-----+|
||ULP    |   | IPsec   key|manager    |     ||
|+-------+   |            |  +--------v----+||
| ^  ^       |            |  | Logical SPD |||
| |  |       |            |  +-----------^-+||
| |  |       |            +-------+      |  || kernel mode
| |  |       |                    |      |  ||
| |  |       | +----------+    +--v--+   |  ||
| |  +-------->| Latch DB |<-->| SAD |   |  ||
| |          | +----------+    +--^--+   |  ||
| |          +--------------------|------|--+|
+-|-------------------------------v------v---+
| |           IPsec Layer (ESP/AH)           |
| |                                          |
+-v------------------------------------------+
|                  IP Layer                  |
+--------------------------------------------+