[IPsec] Invalid transform type in an SA payload - which error?

2010-05-27 Thread Dan McDonald
While going over some error cases, we wondered if some miscreant sends us a
transform of type PRF in a CHILD_SA or AUTH exchange where the SA payload is
clearly intended for a Child SA (e.g. ESP or AH)?

Would INVALID_SYNTAX or NO_PROPOSAL_CHOSEN work better here?

Thanks,
Dan
___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec


Re: [IPsec] Invalid transform type in an SA payload - which error?

2010-05-27 Thread Scott C Moonen

Dan, I think you need to consider the proposal a mismatch against your
policy and move to the next proposal.  If you find an agreeable one, good.
If not, NO_PROPOSAL_CHOSEN.


Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen


From: Dan McDonald dan.mcdon...@oracle.com
To: ipsec@ietf.org
Date: 05/27/2010 01:17 PM
Subject: [IPsec] Invalid transform type in an SA payload - which error?

While going over some error cases, we wondered if some miscreant sends us a
transform of type PRF in a CHILD_SA or AUTH exchange where the SA payload is
clearly intended for a Child SA (e.g. ESP or AH)?

Would INVALID_SYNTAX or NO_PROPOSAL_CHOSEN work better here?

Thanks,
Dan
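
The handling suggested in the reply above (treat the proposal as a mismatch against policy, move to the next one, and answer NO_PROPOSAL_CHOSEN only when none fits), as an added example that is not part of the original thread or of any poster's implementation. The function name, the dictionary layout of a proposal, and the sample policy and offer are assumptions made for illustration; transform attributes such as key length are left out.

```python
# IKEv2 registry values (RFC 4306, sections 3.3 and 3.10.1).
PROTO_IKE, PROTO_AH, PROTO_ESP = 1, 2, 3
ENCR, PRF, INTEG, DH, ESN = 1, 2, 3, 4, 5
NO_PROPOSAL_CHOSEN = 14

# Transform types that are meaningful for each protocol.
ALLOWED = {
    PROTO_IKE: {ENCR, PRF, INTEG, DH},
    PROTO_ESP: {ENCR, INTEG, DH, ESN},
    PROTO_AH: {INTEG, DH, ESN},
}

def select_proposal(proposals, protocol, policy):
    """Return (proposal number, {type: id}), or (None, NO_PROPOSAL_CHOSEN)."""
    for prop in proposals:  # initiator's order of preference
        if prop["protocol"] != protocol:
            continue
        offered = {}
        for ttype, tid in prop["transforms"]:
            offered.setdefault(ttype, []).append(tid)
        # A type that does not belong to this protocol (PRF in ESP) makes the
        # proposal a mismatch against policy: skip it and try the next one.
        if not set(offered) <= ALLOWED[protocol]:
            continue
        # Assumption: the proposal must carry exactly the types policy lists.
        if set(offered) != set(policy):
            continue
        chosen = {}
        for ttype, ids in offered.items():
            pick = next((i for i in ids if i in policy[ttype]), None)
            if pick is None:
                break  # nothing acceptable for this type
            chosen[ttype] = pick
        else:
            return prop["num"], chosen
    return None, NO_PROPOSAL_CHOSEN

# Constructed sample: local ESP policy and a received SA payload.
POLICY = {ENCR: {12}, INTEG: {2}, ESN: {0}}  # AES-CBC, HMAC-SHA1-96, no ESN
OFFER = [
    {"num": 1, "protocol": PROTO_ESP,  # carries a stray PRF transform
     "transforms": [(ENCR, 12), (PRF, 2), (INTEG, 2), (ESN, 0)]},
    {"num": 2, "protocol": PROTO_ESP,
     "transforms": [(ENCR, 12), (INTEG, 2), (ESN, 0)]},
]

if __name__ == "__main__":
    print(select_proposal(OFFER, PROTO_ESP, POLICY))      # proposal 2
    print(select_proposal(OFFER[:1], PROTO_ESP, POLICY))  # (None, 14)
```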