On Mon, May 12, 2008 at 08:40:29PM -0400, Bill Sommerfeld wrote: > A revised design document incorporating responses to the comments so > far, plus a glossary of terms used in the document, is now available at: > > http://www.opensolaris.org/os/project/txipsec/Design/phase1-0.4.pdf <SNIP!>
You've addressed all of my previous comments very well, thank you. Two more things: * Your glossary's mention of PF_KEY should mention RFC 2367. * IKE traffic is ADMIN_LOW. How would that work if a labeled system wants to talk with an unlabeled one? Or is this where those annoying middleboxen come in handy? Dan