[anonsec] I-D Action:draft-ietf-btns-connection-latching-02.txt
Nicolas.Williams at sun.com (Nicolas Williams) Mon, 17 September 2007 20:24 UTC
From: Nicolas.Williams at sun.com (Nicolas Williams)
Date: Mon, 17 Sep 2007 15:24:52 -0500
Subject: [anonsec] I-D Action:draft-ietf-btns-connection-latching-02.txt
In-Reply-To: <20070914174133.GF1920@Sun.COM>
References: <E1IVM2z-0008D7-TP@stiedprstage1.ietf.org>
<20070914174133.GF1920@Sun.COM>
Message-ID: <20070917202451.GB3328@Sun.COM>
On Fri, Sep 14, 2007 at 12:41:33PM -0500, Nicolas Williams wrote:
> I'd appreciate some feedback on this version of the connection latching
> I-D.
>
> - In particular I'm looking for feedback on section 2.1, whether the
>   proposed modification to the child SA authorization process is
>   reasonable. (Note: the child SA authorization process is modified
>   only when connection latching is used; see also the note in section
>   2.3 about a PAD entry flag to preserve traditional semantics.)

I've found a way around that. I've submitted -03 just now.

> - Neither section 2.1 nor 2.2 talks about when to initiate SAs. But it
>   should be obvious that the right time is when a latch is initiated.

Fixed.

> - Section 3 doesn't say much about the SPD.
>
>   In particular, when an application requests that traffic be PROTECTED
>   that would otherwise have been BYPASSed (or when a locally privileged
>   app requests the opposite) then the SPD should be temporarily
>   modified accordingly. This should be described in detail.

Sections 2.1 and 3 now both deal with this properly, methinks.

Comments welcome.