> On Apr 15, 2016, at 3:24 PM, Michael Richardson <mcr+i...@sandelman.ca> wrote:
>
> ...
> I think that there is a significant tension between providing some useful
> diagnostics to the other end vs telling too much about our policy.

One approach would be: say nothing meaningful in the reply, but log information locally. Then, if the other end is legitimate, the local end admin can examine the log and find what went wrong. On the other hand, if the remote end is not legitimate, it learns nothing.

	paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
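
The approach described in the reply above, as an added example that is not part of the original message and not code from any IPsec implementation: every refusal produces the same bytes on the wire, while the specific policy reasons go only to the local log. The policy table, the field names and the `ACCEPTED`/`REJECTED` replies are assumptions made for illustration, not IKE payloads.

```python
import json
import logging

# Hypothetical local policy (constructed for this example).
POLICY = {
    "allowed_peers": {"gw-east.example.net", "gw-west.example.net"},
    "allowed_ciphers": {"AES-GCM-256"},
    "allowed_subnets": {"10.1.0.0/16"},
}

# The only failure text ever sent to the remote end, whatever the cause.
GENERIC_REJECT = b"REJECTED"

log = logging.getLogger("negotiation")


def evaluate(request):
    """Check the request against every policy rule and collect the reasons."""
    reasons = []
    if request["peer_id"] not in POLICY["allowed_peers"]:
        reasons.append("peer identity not configured")
    if request["cipher"] not in POLICY["allowed_ciphers"]:
        reasons.append("cipher %s not permitted" % request["cipher"])
    if request["subnet"] not in POLICY["allowed_subnets"]:
        reasons.append("subnet %s not permitted" % request["subnet"])
    return reasons


def handle(request, src_addr):
    """Return (wire_reply, local_record); local_record is None on success."""
    reasons = evaluate(request)
    if not reasons:
        return b"ACCEPTED", None
    record = {"src": src_addr, "peer_id": request["peer_id"], "reasons": reasons}
    # json.dumps escapes control characters, so peer-supplied strings
    # cannot inject extra lines into the local log.
    log.warning("negotiation refused: %s", json.dumps(record, sort_keys=True))
    return GENERIC_REJECT, record


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed requests: one unknown peer, one known peer with a weak cipher.
    bad_peer = {"peer_id": "unknown.example.org", "cipher": "AES-GCM-256", "subnet": "10.1.0.0/16"}
    bad_cipher = {"peer_id": "gw-east.example.net", "cipher": "3DES", "subnet": "10.1.0.0/16"}
    print(handle(bad_peer, "192.0.2.10")[0], handle(bad_cipher, "192.0.2.11")[0])
```

The local record carries the source address and claimed peer identity so the administrator can match a log entry to a report from a legitimate peer.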