Dan, I think you need to consider the proposal a mismatch against your policy and move to the next proposal. If you find an agreeable one, good. If not, NO_PROPOSAL_CHOSEN.
Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen

From: Dan McDonald <dan.mcdon...@oracle.com>
To: ipsec@ietf.org
Date: 05/27/2010 01:17 PM
Subject: [IPsec] Invalid transform type in an SA payload - which error?

While going over some error cases, we wondered if some miscreant sends us a transform of type PRF in a CHILD_SA or AUTH exchange where the SA payload is clearly intended for a Child SA (e.g. ESP or AH)? Would INVALID_SYNTAX or NO_PROPOSAL_CHOSEN work better here?

Thanks,
Dan

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
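
The handling suggested in the reply above, sketched as an added example (not code from either poster or from any IKEv2 implementation): a responder treats a Child SA proposal carrying an out-of-place transform type, such as PRF in ESP, as a mismatch, moves to the next proposal, and answers NO_PROPOSAL_CHOSEN only if none fits. The proposal layout, the POLICY table and the sample payloads are constructed for illustration.

```python
# IKEv2 transform type values (RFC 4306).
ENCR, PRF, INTEG, DH, ESN = 1, 2, 3, 4, 5
NO_PROPOSAL_CHOSEN = 14  # IKEv2 Notify error type

# Transform types that are meaningful in a Child SA proposal, per protocol.
ALLOWED = {"ESP": {ENCR, INTEG, DH, ESN}, "AH": {INTEG, DH, ESN}}

# Constructed local policy (assumption): acceptable transform IDs per type.
# ENCR 12 = AES-CBC, INTEG 12 = HMAC-SHA2-256-128, ESN 0 = no ESN.
POLICY = {"ESP": {ENCR: {12}, INTEG: {12}, ESN: {0}}}


def proposal_matches(proposal):
    """Return the chosen transform per type, or None if the proposal mismatches."""
    proto = proposal["protocol"]
    policy = POLICY.get(proto)
    if policy is None:
        return None
    offered = {}
    for t_type, t_id in proposal["transforms"]:
        if t_type not in ALLOWED[proto]:
            return None  # e.g. PRF inside ESP: the whole proposal is a mismatch
        offered.setdefault(t_type, []).append(t_id)
    if set(offered) != set(policy):
        return None  # a transform type is missing, or one we do not use is present
    chosen = {}
    for t_type, ids in offered.items():
        pick = next((i for i in ids if i in policy[t_type]), None)
        if pick is None:
            return None  # nothing acceptable offered for this type
        chosen[t_type] = pick
    return chosen


def select_proposal(sa_payload):
    """Walk proposals in order; fall back to NO_PROPOSAL_CHOSEN if none matches."""
    for proposal in sa_payload:
        chosen = proposal_matches(proposal)
        if chosen is not None:
            return ("SELECTED", proposal["num"], chosen)
    return ("NOTIFY", NO_PROPOSAL_CHOSEN, None)


# Constructed SA payload contents: proposal 1 carries a stray PRF transform.
BAD = {"num": 1, "protocol": "ESP",
       "transforms": [(ENCR, 12), (PRF, 2), (INTEG, 12), (ESN, 0)]}
GOOD = {"num": 2, "protocol": "ESP",
        "transforms": [(ENCR, 12), (INTEG, 12), (ESN, 0)]}
```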