Dan, I think you need to consider the proposal a mismatch against your
policy and move to the next proposal. If you find an agreeable one, good.
If not, NO_PROPOSAL_CHOSEN.
Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen
|
| From: |
|
--|
|Dan McDonald dan.mcdon...@oracle.com
|
--|
|
| To:|
|
--|
|ipsec@ietf.org
|
--|
|
| Date: |
|
--|
|05/27/2010 01:17 PM
|
--|
|
| Subject: |
|
--|
|[IPsec] Invalid transform type in an SA payload - which error?
|
--|
While going over some error cases, we wondered if some miscreant sends us a
transform of type PRF in a CHILD_SA or AUTH exchange where the SA payload
is
clearly intended for a Child SA (e.g. ESP or AH)?
Would INVALID_SYNTAX or NO_PROPOSAL_CHOSEN work better here?
Thanks,
Dan
___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
inline: graycol.gifinline: ecblank.gif___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec