1 Mar 2007 04:25
Re: core doc outstanding issues
Stephen Kent <kent <at> bbn.com>
2007-03-01 03:25:28 GMT
At 8:47 AM -0600 2/21/07, Nicolas Williams wrote:
>On Wed, Feb 21, 2007 at 09:22:02AM -0500, Stephen Kent wrote:
>> At 12:30 PM -0600 2/20/07, Nicolas Williams wrote:
>> >It would help to have a more formal description of the PAD.
>>
>> yes, that could help, but I think I've pointed to text in 4301 that
>> shows why the example on the slide was not a good one.
>
>Not a good one, perhaps, but not incorrect either (below I think out
>loud to convince myself that it's not a good example). As I explained
>at the meeting at IETF66 one might prefer to use names instead of
>TSes for SPD searches if referential integrity between the PAD and the
>SPD using IP addresses is harder to maintain than using IDs -- which it
>might well be.
>
>I'll make the following changes to the I-D and submit:
>
> - change those example PAD entries (all non-BTNS ones) to search the
>   SPD by IP address
>
> - change the example SPDs to have a separate column for name, if I
>   still have any PAD entries specifying that the SPD be searched by ID
>
> - add a better description of how the whole PAD constrains the TSes
>   that BTNS peers can assert for their child SAs
>
>Now for the thinking out loud...
>
>Suppose we use certs with iPAddress SANs, then the PAD can be very
>simple, and the SPD can be very simple also, with only the PAD