[anonsec] Changes for draft-ietf-btns-connection-latching-07

Nicolas Williams Nicolas.Williams at sun.com
Tue Apr 15 07:31:57 PDT 2008


At Philadelphia I had a conversation with Daniel Migault about
connection latching.  Daniel's main insight was that the key task for us
in this I-D was to make absolutely clear what is the impact of this work
on the IPsec architecture, and that that impact is minimal, or none
even.

Daniel subsequently posted suggested text and ASCII art, and though I
used very little of that text as is, Daniel's text and art inspired me
to follow along those lines.

So I made the following changes:

 - Simplified and clarified the connection latch state machine,
   including a state machine diagram.

 - Tailored the description of the normative model of connection
   latching to make clear that at its bare minimum it's just a purely
   local conflict detection and notification mechanism.

 - All features whereby local policy is logically updated are now
   optional, with clear warnings that no such logical policy updates
   survive reboots.

 - Added text to the security considerations section about the impact of
   this feature on the IPsec architecture.  The impact of optional
   features is described in a separate section.

 - Added an informative diagram showing the relationships between
   various components of an IPsec w/ connection latching system, all in
   terms likely to be understood by operating systems developers.

 - Added a section describing how connection latching works for each of
   the three major transport protocols, even though all the details
   therein follow from the remainder of the draft.  I thought it would
   be good to show that the details relating to SCTP were as simple as
   those relating to TCP.

The URL to the rfcdiff tool for the diffs between -06 and -07 is:

http://tools.ietf.org/rfcdiff?url1=http://tools.ietf.org/id/draft-ietf-btns-connection-latching-06.txt&url2=http://tools.ietf.org/id/draft-ietf-btns-connection-latching-07.txt


[No, I've not yet spell-checked -07.  I just noticed I misspelt
"simultaneous" -- how embarrassing.]

Nico