Min Ye <amy.yemin@xxxxxxxxxx> writes:

> I have some minor concerns about this document that I think should be
> resolved before it is submitted to the IESG.
>
> Comments:
>
> - Maybe the document can document if there is any modification for
> what concerns closing of connections (in its current version the
> document provides a requirement in Section 5 but no actual procedure)

Thanks for the review and the comments. All of your other comments besides the above one are already slated to be fixed in the next draft.

As for closing the connection, the intent of the ENO draft is for the actual close procedure to be delegated to the individual TEPs. During the working group, we saw at least two different cases depending on whether an encryption protocol authenticates individual TCP segments (like Joe Touch's ao-encrypt proposal and early drafts of tcpcrypt) or it authenticates data frames that may span TCP segments (like tcp-use-TLS and tcpcrypt in its current form). The goal of the ENO draft is to set minimum security requirements for all TEPs without ruling out either approach.

Given that the tcpcrypt TEP draft does in fact specify the close procedure, do you think it is okay to leave the ENO draft as is? Or, as another alternative, ENO could simply state that any TEP must clearly specify the exact close procedure.

Thanks,
David