[anonsec] Changes for draft-ietf-btns-connection-latching-07
Nicolas Williams <Nicolas.Williams@sun.com> Tue, 15 April 2008 14:56 UTC
Date: Tue, 15 Apr 2008 09:31:57 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: anonsec@postel.org
Message-ID: <20080415143157.GH8027@Sun.COM>
At Philadelphia I had a conversation with Daniel Migault about connection latching. Daniel's main insight was that the key task for us in this I-D was to make absolutely clear what is the impact of this work on the IPsec architecture, and that that impact is minimal, or none even. Daniel subsequently posted suggested text and ASCII art, and though I used very little of that text as is, Daniel's text and art inspired me to follow along those lines.

So I made the following changes:

 - Simplified and clarified the connection latch state machine, including a state machine diagram.

 - Tailored the description of the normative model of connection latching to make clear that at its bare minimum it's just a purely local conflict detection and notification mechanism.

 - All features whereby local policy is logically updated are now optional, with clear warnings that no such logical policy updates survive reboots.

 - Added text to the security considerations section about the impact of this feature on the IPsec architecture. The impact of optional features is described in a separate section.

 - Added an informative diagram showing the relationships between various components of an IPsec w/ connection latching system, all in terms likely to be understood by operating systems developers.

 - Added a section describing how connection latching works for each of the three major transport protocols, even though all the details therein follow from the remainder of the draft. I thought it would be good to show that the details relating to SCTP were as simple as those relating to TCP.

The URL to the rfcdiff tool for the diffs between -06 and -07 is:

http://tools.ietf.org/rfcdiff?url1=http://tools.ietf.org/id/draft-ietf-btns-connection-latching-06.txt&url2=http://tools.ietf.org/id/draft-ietf-btns-connection-latching-07.txt

[No, I've not yet spell-checked -07. I just noticed I misspelt "simultaneous" -- how embarrassing.]

Nico
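The message above describes the bare-minimum normative model of connection latching as "a purely local conflict detection and notification mechanism" whose optional policy updates do not survive reboots. The following Python sketch is an added illustration of that model; it is not code from the draft, from the list, or from any IPsec implementation. The SA attribute names (peer_id_type, peer_id, protection), the latch state names (ESTABLISHED, BROKEN, CLOSED), the SPI-keyed table and the notification callback are all assumptions made for the example, and every address, port and SPI value is constructed.

```python
"""Toy model of a connection latch as a purely local conflict detector.

Added example, not text or code from the draft or from any IPsec stack.
State names, SA attribute names and the callback are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple

# (proto, local addr, local port, remote addr, remote port): the latched flow.
Flow = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class SAParams:
    """Child-SA attributes the latch is assumed to bind the connection to."""
    peer_id_type: str   # assumed label, e.g. "FQDN" or "PUBLIC_KEY"
    peer_id: str
    protection: str     # assumed quality-of-protection label


class LatchState(Enum):
    ESTABLISHED = "ESTABLISHED"   # exactly the latched SA parameters cover the flow
    BROKEN = "BROKEN"             # a conflicting SA also covers the flow
    CLOSED = "CLOSED"             # the transport connection is gone


@dataclass
class ConnectionLatch:
    """One connection's latch: the SA parameters it was established under.

    Everything here is in-memory state. Nothing writes to the SPD or SAD,
    so a restart simply forgets the latch, matching the draft's warning
    that logical policy updates do not survive reboots.
    """
    flow: Flow
    latched: SAParams
    notify: Callable[[str], None]
    state: LatchState = LatchState.ESTABLISHED
    # SAs in the local SAD that currently cover this flow, keyed by SPI.
    covering_sas: Dict[int, SAParams] = field(default_factory=dict)

    def sa_added(self, spi: int, sa: SAParams) -> LatchState:
        """An SA covering this flow appeared in the SAD: detect, never repair."""
        if self.state is LatchState.CLOSED:
            return self.state
        self.covering_sas[spi] = sa
        self._recompute()
        return self.state

    def sa_removed(self, spi: int) -> LatchState:
        """An SA covering this flow was deleted; the latch may heal."""
        self.covering_sas.pop(spi, None)
        if self.state is not LatchState.CLOSED:
            self._recompute()
        return self.state

    def admit_inbound(self, sa: Optional[SAParams]) -> bool:
        """Admit an inbound segment only if its SA equals the latched one.

        `sa is None` models a cleartext segment for a latched flow: rejected.
        """
        if self.state is LatchState.CLOSED:
            return False
        return sa == self.latched

    def close(self) -> None:
        self.state = LatchState.CLOSED

    def _recompute(self) -> None:
        conflicts = sorted(spi for spi, sa in self.covering_sas.items()
                           if sa != self.latched)
        if conflicts and self.state is LatchState.ESTABLISHED:
            self.state = LatchState.BROKEN
            self.notify(f"latch {self.flow} BROKEN: conflicting SPIs {conflicts}")
        elif not conflicts and self.state is LatchState.BROKEN:
            self.state = LatchState.ESTABLISHED
            self.notify(f"latch {self.flow} back to ESTABLISHED")


def demo() -> List[str]:
    """Run one constructed scenario and return the notifications it raised."""
    events: List[str] = []
    flow: Flow = ("tcp", "192.0.2.10", 51200, "198.51.100.7", 443)  # constructed
    good = SAParams("FQDN", "server.example", "ESP-int+conf")         # constructed
    bad = SAParams("PUBLIC_KEY", "FINGERPRINT-PLACEHOLDER", "ESP-int+conf")
    latch = ConnectionLatch(flow, good, events.append)
    latch.sa_added(0x1001, good)    # the SA the connection was established under
    latch.admit_inbound(good)       # -> True
    latch.sa_added(0x1002, bad)     # a second, conflicting SA appears -> BROKEN
    latch.admit_inbound(bad)        # -> False: traffic under the other SA is dropped
    latch.sa_removed(0x1002)        # conflict cleared -> ESTABLISHED again
    latch.close()
    return events


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point the sketch makes is that the latch only compares and reports: a conflicting SA moves it to BROKEN and its traffic is refused, removing that SA lets it return to ESTABLISHED, and at no point does the latch itself add or delete SPD entries.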