[anonsec] I-D Action:draft-ietf-btns-connection-latching-02.txt

Nicolas.Williams at sun.com (Nicolas Williams) Mon, 17 September 2007 20:24 UTC

From: Nicolas.Williams at sun.com (Nicolas Williams)
Date: Mon, 17 Sep 2007 15:24:52 -0500
Subject: [anonsec] I-D Action:draft-ietf-btns-connection-latching-02.txt
In-Reply-To: <20070914174133.GF1920@Sun.COM>
References: <E1IVM2z-0008D7-TP@stiedprstage1.ietf.org> <20070914174133.GF1920@Sun.COM>
Message-ID: <20070917202451.GB3328@Sun.COM>

On Fri, Sep 14, 2007 at 12:41:33PM -0500, Nicolas Williams wrote:
> I'd appreciate some feedback on this version of the connection latching
> I-D.
> 
>  - In particular I'm looking for feedback on section 2.1, whether the
>    proposed modification to the child SA authorization process is
>    reasonable.  (Note: the child SA authorization process is modified
>    only when connection latching is used; see also the note in section
>    2.3 about a PAD entry flag to preserve traditional semantics.)

I've found a way around that.  I've submitted -03 just now.

>  - Neither section 2.1 nor 2.2 talks about when to initiate SAs.  But it
>    should be obvious that the right time is when a latch is initiated.

Fixed.

>  - Section 3 doesn't say much about the SPD.
> 
>    In particular, when an application requests that traffic be PROTECTED
>    that would otherwise have been BYPASSed (or when a locally privileged
>    app requests the opposite) then the SPD should be temporarily
>    modified accordingly.  This should be described in detail.

Sections 2.1 and 3 now both deal with this properly, methinks.

Comments welcome.