[anonsec] A note about connection latching.
kent at bbn.com (Stephen Kent) Mon, 10 September 2007 17:44 UTC
From: kent at bbn.com (Stephen Kent)
Date: Mon, 10 Sep 2007 13:44:32 -0400
Subject: [anonsec] A note about connection latching.
At 5:07 PM -0500 9/7/07, Nicolas Williams wrote:
>The connection latching I-D puts forward two informative models. The
>next version, which I'm working on right now, will make one of those
>models normative.
>
>The two models, you might recall, are:
>
>a) ULPs interface with IPsec via "template" PAD and SPD entries that get
> "cloned" upon triggering events.
>
> For example, a TCP connect() would create a template PAD entry with
> the connection's 5-tuple as child SA constraints, prior to sending
> the TCP SYN packet. A TCP listen() would create a template PAD entry
> with the listener's 3-tuple as child SA constraints, prior to
> accepting any TCP SYN packets.

For SPD entries, the applicable term is "populate from packet" and we have a flag for that. PAD entries don't have 5-tuples, so did you mean SPD above? If so, do you want to specify the template PAD entry separately above?

Steve
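Added example (not code from the connection-latching I-D, from the anonsec list, or from any IPsec implementation): a small Python model of the behaviour the two messages above discuss. The `template` and `pfp` flags, the `owner` field, and the `Spd`, `SpdEntry`, `tcp_connect` and `tcp_listen` names are constructed for illustration; the wildcard-filling step is a simplified rendering of RFC 4301's "populate from packet" semantics that Kent refers to. In line with Kent's point that PAD entries carry no 5-tuples, only SPD entries with traffic selectors are modelled here; the PAD is left out.

```python
"""Toy model of connection latching via SPD "template" entries.

Constructed illustration; not the I-D's or any IPsec stack's code.
Simplifications (assumptions): selectors are exact-match-or-wildcard,
the SPD is an ordered list, and the populate-from-packet (PFP) flag is
modelled as "fill every wildcard from the triggering flow".
"""
from dataclasses import dataclass, astuple
from typing import List, Optional


@dataclass(frozen=True)
class FiveTuple:
    """A flow in the ULP's orientation (local/remote), not wire src/dst."""
    proto: int
    local: str
    remote: str
    lport: int
    rport: int


@dataclass(frozen=True)
class Selector:
    """SPD traffic selector; None is a wildcard (constructed simplification)."""
    proto: Optional[int] = None
    local: Optional[str] = None
    remote: Optional[str] = None
    lport: Optional[int] = None
    rport: Optional[int] = None

    def matches(self, flow: FiveTuple) -> bool:
        return all(s is None or s == f for s, f in zip(astuple(self), astuple(flow)))

    def populate_from(self, flow: FiveTuple) -> "Selector":
        """PFP: every wildcard field takes the triggering flow's value."""
        return Selector(*(f if s is None else s
                          for s, f in zip(astuple(self), astuple(flow))))


@dataclass
class SpdEntry:
    selector: Selector
    action: str = "PROTECT"
    pfp: bool = False            # populate-from-packet flag
    template: bool = False       # latching template: only cloned, never applied as-is
    owner: Optional[str] = None  # hypothetical socket id that installed the latch


class Spd:
    def __init__(self) -> None:
        self.entries: List[SpdEntry] = []

    def add_template(self, owner: str, selector: Selector) -> SpdEntry:
        entry = SpdEntry(selector, pfp=True, template=True, owner=owner)
        self.entries.insert(0, entry)  # latches are more specific, so they go first
        return entry

    def trigger(self, flow: FiveTuple) -> SpdEntry:
        """Triggering event (outbound send or accepted inbound SYN).

        First matching entry wins.  A PFP template is cloned into a
        concrete, non-template entry bound to this flow: the latch.
        """
        for entry in self.entries:
            if not entry.selector.matches(flow):
                continue
            if entry.template and entry.pfp:
                latched = SpdEntry(entry.selector.populate_from(flow),
                                   entry.action, owner=entry.owner)
                self.entries.insert(0, latched)
                return latched
            return entry
        raise LookupError("no SPD entry covers %r" % (flow,))

    def latched_for(self, owner: str) -> List[SpdEntry]:
        """Concrete (cloned) entries a given socket currently owns."""
        return [e for e in self.entries if e.owner == owner and not e.template]


def tcp_connect(spd: Spd, sock: str, local: str, remote: str, lport: int, rport: int) -> SpdEntry:
    """connect(): install the 5-tuple template before the SYN goes out."""
    flow = FiveTuple(6, local, remote, lport, rport)
    spd.add_template(sock, Selector(6, local, remote, lport, rport))
    return spd.trigger(flow)  # the outbound SYN is the triggering event


def tcp_listen(spd: Spd, sock: str, local: str, lport: int) -> SpdEntry:
    """listen(): 3-tuple template; remote addr/port are wildcards filled per SYN."""
    return spd.add_template(sock, Selector(proto=6, local=local, lport=lport))


def demo():
    """Constructed scenario: one outbound connection, one listener, two peers."""
    spd = Spd()
    client = tcp_connect(spd, "client-sock", "10.0.0.1", "10.0.0.2", 40000, 443)
    tcp_listen(spd, "server-sock", "10.0.0.2", 22)
    first = spd.trigger(FiveTuple(6, "10.0.0.2", "10.0.0.9", 22, 51000))   # peer A's SYN
    second = spd.trigger(FiveTuple(6, "10.0.0.2", "10.0.0.7", 22, 51001))  # peer B's SYN
    again = spd.trigger(FiveTuple(6, "10.0.0.2", "10.0.0.9", 22, 51000))   # peer A again
    return client, first, second, again
```

The listener case is where the template/clone distinction earns its keep: the 3-tuple template stays in place and each accepted SYN yields its own fully populated latch, while a later packet on an already-latched flow hits the latch, not the template, so no second clone is created.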