> On Apr 15, 2016, at 3:24 PM, Michael Richardson <mcr+i...@sandelman.ca> wrote:
> 
> ...
> I think that there is a significant tension between providing some useful
> diagnostics to the other end vs telling too much about our policy.

One approach would be: say nothing meaningful in the reply, but log information 
locally.  Then, if the other end is legitimate, the local end admin can examine 
the log and find what went wrong.  On the other hand, if the remote end is not 
legitimate, it learns nothing.

        paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
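
The approach described in the reply above, as an added example that is not code from this thread or from any IPsec implementation: every rejection cause produces the same opaque reply, while the full cause goes to the local log with peer-controlled strings escaped. The notify name `GENERIC_FAILURE` (a placeholder, not a real IKEv2 notify type), the logger name, the `Reason` values and the function names are assumptions.

```python
import logging
from enum import Enum

log = logging.getLogger("ike.reject")  # logger name is an assumption


class Reason(Enum):
    """Internal rejection causes (constructed list); these stay on the local side."""
    UNKNOWN_PEER_ID = "peer ID matches no configured connection"
    CERT_EXPIRED = "peer certificate expired"
    TS_MISMATCH = "requested traffic selectors outside local policy"
    PROPOSAL_MISMATCH = "no proposed transform acceptable"


# Placeholder, not a real IKEv2 notify type: the one reply every rejection gets.
GENERIC_REPLY = {"notify": "GENERIC_FAILURE", "data": b""}


def _safe(value: str, limit: int = 128) -> str:
    """Escape peer-controlled text so it cannot forge or split local log lines."""
    return value[:limit].encode("unicode_escape").decode("ascii")


def reject(peer_addr: str, spi_i: int, peer_id: str,
           reason: Reason, detail: str = "") -> dict:
    """Log the full cause locally; return the same opaque reply for every cause."""
    log.warning(
        "rejected peer=%s spi_i=%016x id=%s reason=%s (%s) detail=%s",
        peer_addr, spi_i, _safe(peer_id), reason.name, reason.value, _safe(detail),
    )
    # Return a copy so callers cannot mutate the shared constant.
    return dict(GENERIC_REPLY)
```

The local admin can match a failed attempt to its log line by peer address and initiator SPI, both of which the legitimate remote admin already knows.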
