Discussion:
[anonsec] Connection latching by default?
Nicolas Williams
2008-01-10 23:45:05 UTC
Solaris creates connection latches for all connected sockets by default,
whether the application requested it or not.

The just-submitted draft-ietf-btns-connection-latching-05.txt says:

Implementations MAY create IPsec channels
automatically by default when the application does not request an
IPsec channel.

But I see no reason not to make that a SHOULD. Dan thinks it should be
a SHOULD.

Others, however, may disagree.

Comments?

Nico
--
Sam Hartman
2008-01-14 22:18:52 UTC
Nicolas> Solaris creates connection latches for all connected
Nicolas> sockets by default, whether the application requested it
Nicolas> or not.

Nicolas> The just-submitted
Nicolas> draft-ietf-btns-connection-latching-05.txt says:

Nicolas> Implementations MAY create IPsec
Nicolas> channels automatically by default when the application
Nicolas> does not request an IPsec channel.

Nicolas> But I see no reason not to make that a SHOULD. Dan
Nicolas> thinks it should be a SHOULD.

Nicolas> Others, however, may disagree.

I think you need to have strong support for making it a should;
silence is not enough on this point.
Nicolas Williams
2008-01-14 22:46:26 UTC
Post by Sam Hartman
> I think you need to have strong support for making it a should;

I'm asking who does support it (I know Dan does strongly support this,
and there is one implementation that does this _today_, namely Solaris).

Post by Sam Hartman
> silence is not enough on this point.

I'm not sure that I understand what you mean by "silence is not enough
on this point" -- did I say something that indicated that silence would
be taken to denote consent?

Nico
--
Sam Hartman
2008-01-14 23:05:53 UTC
Post by Sam Hartman
> silence is not enough on this point.

Nicolas> I'm not sure that I understand what you mean by "silence
Nicolas> is not enough on this point" -- did I say something that
Nicolas> indicated that silence would be taken to denote consent?

I mean that if you get no objections and it is just you and Dan in
favor, that's not enough to make the change in this instance.
Nicolas Williams
2008-01-15 07:34:36 UTC
Post by Sam Hartman
> Post by Sam Hartman
>> silence is not enough on this point.
> Nicolas> I'm not sure that I understand what you mean by "silence
> Nicolas> is not enough on this point" -- did I say something that
> Nicolas> indicated that silence would be taken to denote consent?
>
> I mean that if you get no objections and it is just you and Dan in
> favor, that's not enough to make the change in this instance.

I asked for a reason :)

I don't know how many opinions we'll get. Also, recommending that
connection latching be on by default can always be done later.

Nico
--
